Twitter Data Breach Prompts GDPR Investigation

The Irish Data Protection Commissioner (DPC) is Twitter’s lead regulator in the European Union. On Friday (Jan. 25), the DPC said it was again looking into the social media giant because of another breach notification it received from the company, according to a report from Reuters.

“The DPC has this week opened a new statutory inquiry into the latest data breach it received from Twitter on 8 January, 2019,” the Commission said on its website. “This inquiry will examine a discrete issue relating to Twitter’s compliance with Article 33 of the GDPR.”

That article says a personal data breach has to be reported to the commissioner within 72 hours, and it sets out the amount and type of information that should come with the notification.

“We actively notify the Office of the Irish Data Protection Commissioner and the public of these issues as appropriate,” Twitter said on Friday. “We are fully committed to working with the Data Protection Commissioner’s Office to improve the already strong data and privacy protections we offer to the people who use our services.”

There can be steep consequences for violating GDPR rules. Organizations can be fined up to 4 percent of global revenue or 20 million euros ($22.82 million) – whichever is higher. Before, the penalties were only a few hundred thousand euros.

The DPC has actively been looking into Twitter since November of last year for numerous other breach-related notifications it received from the company.

A December report from IT Governance showed that only 29 percent of firms in the EU have “fully” implemented the GDPR tenets.

The report surveyed more than 200 firms across a range of industries, and as many as 60 percent of the firms that responded said they were “aware” of the fact that they must respond to data subject access requests, but only 29 percent said they had plans in place to address the rules by which they must respond.

In other findings of the IT Governance report, 75 percent of firms said they had conducted at least some parts of a data flow audit, used to gain insight into data risks. As far as security is concerned, roughly 61 percent of firms said they had “basic controls” in place to contend with data breaches, with 50 percent of firms stating they have plans in place to notify supervisors in the event of such breaches.

