Twitter seems to be running into quite a few conflicts lately and the latest rift with Ireland’s Data Protection Commission (DPC) seems to be a specially big one. Ireland has imposed a huge fine on Twitter for allegedly breaching user’s data and consequently compromising on privacy.
Twitter’s €450,000 fine: Why is it notable?
The General Data Protection Regulation 2016/679 (GDPR) is a regulation under the EU law whose main motive is to regulate, govern and enforce data privacy and security. This regulatory body mandates that breaches of data at a personal level must be notified and documented with the relevant supervisory body within 72 hours of the controller being aware of the breach.
Twitter had violated this law in January 2019, when a breach had exposed private tweets from Android users for over 4 years. The fine comes as a landmark event as it features the implementation of cross-border GDPR by the Irish regulator. The inter-continental nature of the process extended the levying of the fine even thought DPC had filed a draft decision in May. Facing a lot of slack from other regulatory bodies on various aspects of the decision led to a lengthy dispute-resolution process delaying the official decision.
“We’re sorry it happened,” said Damien Kieran, Twitter’s Chief Officer and Global Data Protection Officer.
An interesting dispute that was later taken care was based on the amount that Twitter will be charged. Irish DPC has decided to charge Twitter a fine amounting to €450,000 (~Rs. 4 crores). DPC had initially set a lower fine amount citing that Twitter was not a regular offender and does not promote systematic violation. However, the fine amount was later increased which still remains much less than 2-4% of Twitter’s annual revenue which stands as the allowable fine limit.
Twitter earlier had run into troubles with Color Of Change, an NGO, which led to updating and altering of Twitters hate speech, which we had covered previously.