Twitter fined half a million dollars for late data breach reporting

Twitter has been issued a big fine for late reporting of a data breach under GDPR rules.

Ireland’s Data Protection Commission slapped a fine of €450,000 ($547,000) on the social media company for failing to report an issue — which saw protected tweets become unprotected for some Android users — within the legally required timeframe per Europe's General Data Protection Regulation.

The DPC made its final decision on Tuesday after an investigation that commenced in Jan. 2019. Following a data breach in the 2018 holiday period, Twitter did notify the DPC, but the commission found that the company had reported it outside the 72-hour statutory notice period required under GDPR, and in doing so, "infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach." Read more...