Irish data protection regulator fines Twitter €450,000

Twitter for a security breach that occurred at the end of 2018, after two years of investigation, to 450,000 euros in fines. The DPC has sanctioned Twitter for failing to notify the necessary information on the data breach resulting from this security breach in time and also for failing to sufficiently document the breach.

This decision was taken in a particular context, the CPD was the lead authority under Article 60 of the RGPD, but several supervisory authorities concerned by the subject (including the CNIL) had raised relevant and reasoned objections to the CPD's draft decision.

Following these objections, the European Data Protection Committee (made up of the various European supervisory authorities) had then pronounced its decision on this dispute in a decision adopted on 9 November 2020.

https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-twitter-inquiry

https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_bindingdecision01_2020_en.pdf

https://www.lemonde.fr/pixels/article/2020/12/15/twitter-ecope-d-une-amende-de-450-000-euros-pour-non-respect-du-rgpd_6063486_4408996.html

https://www.lesnumeriques.com/vie-du-net/rgpd-450-000-d-amende-pour-twitter-en-irlande-n158471.html