World-First Twitter has been fined for an error for data protection laws that made private tweets public.
The finger fined the company the 450,000 for failing to report the breach quickly, which was the result of a bug in the Android app.
For the first time, a U.S. agency has been fined under a new data privacy system established in the EU as part of a general data security control system.
A fine A technical issue related to an issue raised in the Twitter app in 2019 meant that tweets that were supposed to be secure would be visible to the public, the Irish Data Protection Commission said.
Part of the fine was levied because Twitter violated GDPR rules by failing to notify regulators in a timely manner and “fail to properly document violations.”
“The DPC has imposed an administrative fine of ৪ 450,000 on Twitter as an effective, proportionate and failed measure.”
But as significant as the verdict was, it came in a new way. Although the GDPR rules went into effect in 2018, the new ruling first used a “dispute resolution” process.
The rules mean a national regulator is able to make decisions and then be able to consult with other national regulators in the European Union. If these other EU regulators object to the preliminary ruling, the decision is left to the European Data Protection Board, where it will stand if approved by two-thirds of the states.
The EDPB announced that it had approved the Irish regulator’s initial decision, meaning the decision would stand and the fine would be imposed on Twitter.
The agency said it took responsibility for the mistake and appreciated the fact that the decision was made clear. It noted that the fine was related to Twitter’s failure to report violations, which were “unexpected consequences for employees.”
“Twitter has worked closely with the Irish Data Protection Commission (IDPC) to support their investigation,” said Damien Kieran, Twitter’s chief privacy officer and global data protection officer.
“We have a shared commitment to online security and privacy, and we respect the IDPC’s decision, which is related to our failure to respond to the incident. We have made changes so that all subsequent incidents are reported to the DPC in a timely manner.
“We take responsibility for these mistakes and are fully committed to protecting the privacy and data of our customers through our work to inform the public about the problems that occur to the public quickly and transparently. We appreciate the clarity that this decision has taken for companies and customers in the vicinity of GDPR breach notification requirements. Our approach to these events will be one of transparency and openness. ”