Irish regulators fined Twitter about $547,000 over its handling of a privacy breach on Tuesday, the first penalty issued against an American tech giant under the European Union’s new data-protection law.
The 450,000-euro fine marked a milestone in the enforcement of the EU’s General Data Protection Regulation, a 2018 law meant to give Europeans more control over their online data.
Ireland’s Data Protection Commission said Twitter took too long to notify regulators about a bug in its Android app that made some users’ private tweets publicly visible. The problem affected at least 88,726 European users between September 2017 and January 2019, officials said.
The Irish regulator announced the penalty nearly two years after it started probing the breach in January 2019. The commission is responsible for enforcing the data protection law against Twitter and other Silicon Valley titans whose European headquarters are located in Ireland, such as Google and Apple.
The Twitter case was the first to go through a dispute resolution process established under the EU data law, in which the lead regulator makes a decision and then consults other national regulators.
Ireland’s decision went before the European Data Protection Board after some other regulators objected to the initial ruling. The board upheld most of the decision but directed Ireland to increase the fine. Irish regulators called the final penalty “effective, proportionate and dissuasive.”
Twitter said the fine stemmed from its failure to notify regulators about the bug within 72 hours after it learned of the problem. The San Francisco-based company blamed the delay on staffing issues between the Christmas and New Year’s holidays in 2018.
“We have made changes so that all incidents following this have been reported to the [Data Protection Commission] in a timely fashion,” Damien Kieran, Twitter’s chief privacy officer and global data protection officer, said in a statement. “We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur.”
With Post wires