The Irish Data Protection Commission on Tuesday fined Twitter €450,000 for violations of the EU’s privacy rulebook — bringing months of deliberations over the penalty to a close.
The €450,000 fine is the first levied by the Dublin-based regulator against a Silicon Valley company and its highest to date.
The Irish Data Protection Commission (DPC) triggered a dispute resolution mechanism after its initial draft decision, submitted in May, attracted a volley of objections. Regulators from three countries — Austria, Italy and Germany — objected to the size of the penalty.
The European Data Protection Board, which gathers EU privacy regulators, has since taken some of those objections into account and proposed a compromise. But the Hamburg regulator rejected that deal, saying it fails to address German concerns and told POLITICO earlier this month that it was mulling a legal challenge against the fining process.
The size of the fine imposed on Tuesday will do little to assuage concerns that Ireland is taking a light touch to enforcement of Silicon Valley companies, which are for the most part overseen by the Irish DPC as their lead regulator since they have their EU bases there. It stands in stark contrast to a €100 million fine levied by the French data regulator against Google last week.
The Dublin regulator penalized Twitter for failing to document a breach and failing to notify it of the breach within 72 hours. The data breach in question involved a bug in the Twitter Android app making users’ protected tweets public if they changed the email address linked to their account.
A statement from Twitter’s EMEA headquarters in Dublin read: “An unanticipated consequence of staffing between Christmas Day 2018 and New Year’s Day resulted in Twitter notifying the Irish data protection commissioner outside the 72-hour statutory notice period. We have made changes so that all incidents following this have been reported to them in a timely fashion.”
“We take full responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur,” the company said.
This story has been updated with a statement from Twitter.
Shawn Pogatchnik contributed reporting.
Want more analysis from POLITICO? POLITICO Pro is our premium intelligence service for professionals. From financial services to trade, technology, cybersecurity and more, Pro delivers real time intelligence, deep insight and breaking scoops you need to keep one step ahead. Email [email protected] to request a complimentary trial.