Twitter has been fined €450,000 (£400,000) by the Data Protection Commission in Ireland for breaking Europe’s GDPR data privacy rules.

The GDPR is a user and data privacy regulation that came into effect in the EU on May 25, 2018, and was quickly put to use following four separate complaints against Google, Facebook, Instagram, and WhatsApp on the same day over their use of “forced consent.”

Twitter has accepted responsibility. In a statement, the firm blamed “an unanticipated consequence of staffing” during the period between Christmas Day 2018 and 1 Jan 2019 for its failure to comply with notifying the regulator within 72 hours of discovering the breach.

“We respect the IDPC’s decision, which relates to a failure in our incident response process,” said Damien Kieran, Twitter’s chief privacy officer and global data protection officer.

Buy Me A Coffee

The IDPC said it believed the fine was “an effective, proportionate and dissuasive measure”.

It related to a bug affecting Android users who had made their tweets private – it meant that if they made some changes to their account, their tweets could have been made public in error. The bug dated back to 2014, the firm said at the time.

READ
Meta Introduces Location Tagging on Threads: Here’s How It Works

It was disclosed in January 2019 and the DPC began its investigation shortly afterwards. Darren Wray, of privacy firm Guardum, said the penalty was a sign that the teeth of the GDPR were “getting sharper”. “This case should send a message to large tech firms that they need to take their data privacy responsibilities very seriously,” he said.