Twitter issued with GDPR fine from Irish regulator

IRELAND – The Irish Data Protection Commission (DPC) has issued Twitter with a €450,000 fine for breaching the General Data Protection Regulation (GDPR).

Mobile social media twitter snapchat_crop

The DPC began an investigation in January 2019 after Twitter, which has its European base in Dublin, notified the regulator of a data breach discovered in December 2018.

The breach resulted from a design bug which led to protected tweets becoming accessible to the wider public if a user on an Android device changed the email address associated with their Twitter account.

An external Twitter contractor discovered the bug on Boxing Day 2018 and Twitter disclosed the issue to the DPC on 8 January 2019.

The regulator found that the social network failed to notify the breach on time. Under GPDR, organisations must report data breaches within 72 hours. Twitter was also penalised for failing to adequately document the breach.

“The DPC has imposed an administrative fine of €450,000 on Twitter as an effective, proportionate and dissuasive measure”, the regulator wrote in a press release.

The penalty is the first issued by the Dublin-based DPC against a tech giant.

The draft decision on the inquiry was also the first in which all European data protection authorities were consulted under Article 65 of the GDPR, or the ‘dispute resolution’ process. The DPC triggered the mechanism after its initial draft decision attracted objections from other data authorities over the size of the fine.

Damien Kieran, chief privacy officer and global data protection officer at Twitter, said: “An unanticipated consequence of staffing between Christmas Day 2018 and New Years’ Day resulted in Twitter notifying the IDPC outside of the 72 hour statutory notice period. We have made changes so that all incidents following this have been reported to the DPC in a timely fashion. 

“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur.”

We hope you enjoyed this article.
Research Live is published by MRS.

The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.

Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.

For example, there's an archive of winning case studies from over a decade of MRS Awards.

Find out more about the benefits of joining MRS here.

0 Comments

Display name

Email

Join the discussion

Newsletter
Stay connected with the latest insights and trends...
Sign Up
Latest From MRS

Our latest training courses

Our new 2025 training programme is now launched as part of the development offered within the MRS Global Insight Academy

See all training

Specialist conferences

Our one-day conferences cover topics including CX and UX, Semiotics, B2B, Finance, AI and Leaders' Forums.

See all conferences

MRS reports on AI

MRS has published a three-part series on how generative AI is impacting the research sector, including synthetic respondents and challenges to adoption.

See the reports

Progress faster...
with MRS 
membership

Mentoring

CPD/recognition

Webinars

Codeline

Discounts