Twitter has been fined in a cross-border case under the European Union's new privacy law. Ireland’s Data Protection Commission announced today that it has slapped the micro-blogging site with a €450,000 fine for late notification of a data breach.
The penalty has been levied on the social networking company more than two years after Europe’s General Data Protection Regulation (GDPR) went into effect. As per the new privacy regulation, companies must notify the concerned regulators within 72 hours of learning about a data breach. It also requires companies to document what data was affected and how they have addressed the incident.
Twitter disclosed the breach to the Irish watchdog in January 2019. The issue affected Twitter for Android, disabling the "Protect your Tweets" setting and turned private tweets into public. It impacted users who had their protected Tweets feature turned on, used Twitter for Android, and changed some account settings. Twitter users on iOS or the web were not affected, though.
After commencing its investigation, Ireland's DPC found that Twitter failed to report the breach on time and provided insufficient documentation as required by GDPR.