Ireland hands Twitter delayed landmark fine over data breach
James Hetherington
Twitter is the first of the U.S. Big Tech firms to get a GDPR fine. /AP

Twitter is the first of the U.S. Big Tech firms to get a GDPR fine. /AP


After lengthy negotiations, Ireland's data regulator has handed Twitter a landmark fine of close to $550,000. 

It is the first sanction brought against a U.S. "Big Tech" company under the European Union's General Data Protection Regulation (GDPR) and, importantly, the first to use a dispute resolution system – the European Data Protection Board (EDPB) – within that legislation.

GDPR was established in 2018, and the EDPB ensures its consistent application. It has meant, however, that the process has been slow and complex.



Helen Dixon, Ireland's data protection commissioner, has criticized the system. Speaking at the Web Summit at the start of December, she said: "Am I satisfied? No, the process didn't really work well.

"It is the first time EU data protection authorities have stepped through the process, so maybe it can only get better from here."

GDPR stipulates that the regulators of the EU member state in which the European headquarters of a company is situated can make decisions against that company before referring to the regulators of other member states. If any of them object, the matter goes to the EDPB, where it needs backing from two-thirds of the 27 member states.

In this instance, in May 2020 Ireland fined Twitter, which has its Europe headquarters in Dublin, over a bug in that made some private tweets public. The country said the tech giant failed to notify Ireland's Data Protection Commission on time or document the breach properly in 2019.

Other member states objected and after months of wrangling, the punishment has finally been upheld. Ireland is also home to Apple, Google and Facebook and has a backlog of more than 20 similar inquiries.

In a statement, Twitter blamed the fault on a staffing issue during the Christmas and New Year period in 2018.

"We take full responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur," said the statement posted on Twitter.

Search Trends