Ireland’s Data Protection Commission (DPC) on Tuesday imposed a fine of 450,000 euros (around $547,000) on Twitter for failure to promptly notify and properly document a data breach under Europe’s General Data Protection Regulation (GDPR).
This is the first time a US-based tech firm has been fined in a cross-border case under Europe’s data privacy law that came into effect on May 25, 2018.
The DPC’s investigation into Twitter commenced in January 2019 following the receipt of a breach notification from the social media company.
The DPC found that Twitter infringed provisions of the GDPR by failing to notify the DPC of the breach on time and by failing to adequately document the breach.
Under European data protection law, organizations need to report breaches of personal data to the relevant supervisory authority within 72 hours of the controller becoming aware of the breach, TechCrunch reported.
It is also important for them to properly document the data involved in the breach so that the supervisory authority can check for compliance.
The Irish watchdog has a backlog of over 20 ongoing cases at this point, including active probes of Facebook, WhatsApp, Google, Apple, and LinkedIn, among others, said the TechCrunch report.