The Irish Data Protection Commission (DPC) announced on Tuesday (15) the imposition of a € 450,000 fine on Twitter , due to a data breach that occurred in late 2018. This is the first sanction of the kind applied to an American technology giant under the new EU data privacy regime .
According to the regulator, the fine equivalent to R $ 2.7 million for the quotation of the day is due to a flaw in the social network application for Android . The bug allowed the private tweets of some users to be made public, being viewed by anyone on the platform.
Under the rules of the General Data Protection Regulation of the European Union ( GDPR ), which came into force in 2018, Twitter should notify the problem to the regulatory authority within a maximum period of 72 hours after becoming aware of what happened. But that was not done by the company at the time.
The DPC also requires companies involved in violations like this to document the data exposed and to report what actions have been taken to respond to the incident. The microblogging network also did not comply with the determination, according to the entity.
In a statement, Twitter took responsibility for the error and said it respects the agency’s decision to impose the fine. The American company justified the delay in sending the information to the DPC as an “unforeseen consequence of hiring employees” in the midst of the year-end festivities, from 2018 to 2019.
The social network also claimed to have modified its internal procedures to report any type of incident to the authorities in a timely manner, and that it remains committed to protecting the privacy of all users’ data.
It is worth mentioning that the investigation was conducted by the Irish DPC because Twitter’s international headquarters are in the country.