Irish DPC opens data breach inquiry | Media giant’s compliance with GDPR article being examined The Irish Data Protection Commissioner (DPC) has confirmed it has opened a statutory inquiry into a data breach notification from Twitter. The DPC will examine a “discreet issue” relating to Twitter’s compliance with a specific article in GDPR rules.
The data breach inquiry was opened after it received a breach notification in early January relating to a flaw on Android platforms. In a statement from the DPC’s head of communications Graham Doyle, he said the inquiry would look into Twitter’s compliance with Article 33 of the GDPR. The article states that a breach must be referred to the commissioner within 72 hours and also sets out the amount and type of information that must be supplied with the notification. The statement said Twitter was also being investigated in relation to its compliance with its obligations under the GDPR to implement technical and organisational measures to ensure the safety and safeguarding of the personal data it processes. This investigation began in November 2018 after the DPC was notified by Twitter of a number of breaches since the introduction of GDPR. A Twitter spokesperson said:
We actively notify the Office of the Irish Data Protection Commissioner and the public of these issues as appropriate. We are fully committed to working with the Data Protection Commissioner’s Office to improve the already strong data and privacy protections we offer to the people who use our services.
Under the GDPR, breaking privacy laws can result in fines of up to 4 percent of global revenue or 20 million euros ($22.82 million), whichever is higher, as opposed to a few hundred thousand euros previously. The DPC has been investigating since November for a number of other Twitter data breach notifications received since the introduction of the GDPR. Sources and credits: ReutersMore stories concerning Twitter