Bermuda Post posted an article on March 18, 2021, about Twitter being fined over a data breach in Ireland. Below are some key highlights:
- Ireland’s Data Protection Commission (DPC) has issued Twitter with a fine of €450,000 (~$547k) for failing to promptly declare and properly document a data breach under Europe’s General Data Protection Regulation (GDPR).
- We have a shared commitment to online security and privacy, and we respect the IDPC’s decision, which relates to a failure in our incident response process. Our approach to these incidents will remain one of transparency and openness.”
- The company also told us that since this specific incident, where inadequate staffing over the 2018 holiday period led to a delay in reporting the breach, it has made all relevant incident reports to the DPC within the required 72 hour period.
- Yet with GDPR enforcement proving such a tedious, friction-filled process that threatens to take the shine off the nascent Digital Services Act and Digital Markets Act many months (or even years) before they can become EU law – raising questions about how the whole strategy can be expected to function in the absence of effective (i.e. fair but fast) enforcement. It did not specify how large an increase would be required.
Reference(s):