Photo by NeONBRAND on Unsplash [Download]

Further delay to GDPR enforcement of 2018 Twitter breach

Twitter users have to wait to longer to find out what penalties, if any, the platform faces under the European Unions General Data Protection Regulation for a data breach that dates back around two years.

In the meanwhile the platform has continued to suffer security failures including, just last month, when hackers gained control of scores of verified accounts and tweeted out a crypto scam.

In a statement on the development, Graham Doyle, the DPCs deputy commissioner, told TechCrunch: The Irish Data Protection Commission issued a draft decision to other Concerned Supervisory Authorities on 22 May 2020, in relation to this inquiry into Twitter. However, following consultation a number of objections were maintained and the DPC has now referred the matter to the European Data Protection Board under Article 65 of the GDPR.

Under the regulations one-stop-shop mechanism, cross-border cases are handled by a lead regulator typically where the business has established its regional base.

For many tech companies that means Ireland, so the DPC has an oversized role in the regulation of Silicon Valleys handling of peoples data.

The regulator also continues to face criticism for not yet getting it over the line in any of these complaints and investigations pertaining to big tech. So the Twitter breach case is being especially closely watched as it looks set to be the Irish DPCs first enforcement decision in a cross-border GDPR case.

The latest delay in the Twitter case is a consequence of disagreements between the DPC and other regional watchdogs which, under the rules of GDPR, have a right to raise objections on a draft decision where users in their countries are also affected.

Though commissioners signalled a willingness to wait and see how the one-stop-shop mechanism runs its course on cross-border cases, while admitting theres a need to reinforce cooperation and co-ordination on cross border issues.

Original article
Author: Natasha Lomas

TechCrunch is a leading technology media property, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.

Natasha Lomas has recently written 6 articles on similar topics including :
  1. "A dossier of evidence detailing how the online ad targeting industry profiles Internet users intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the countrys data watchdog to take". (September 21, 2020)
  2. "European data protection regulators have inched toward an enforcement decision for a Twitter breach that the company publicly disclosed in 2019, after a majority of EU data supervisors agreed to back a draft settlement submitted earlier by Irelands Data Protection Commission (DPC)". (November 10, 2020)
  3. "A dossier of evidence detailing how the online ad-targeting industry profiles internet users intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the countrys data watchdog to take". (September 21, 2020)
  4. "The lead data regulator for much of big tech in Europe is moving inexorably towards issuing its first major cross-border GDPR decision saying today its submitted a draft decision related to Twitters business to its fellow EU watchdogs for review". (May 22, 2020)
  5. "Twitter has disclosed more bugs related to how it uses personal data for ad targeting that means it may have shared users data with advertising partners even when a user had expressly told it not to". (August 7, 2019)
  6. "An investigation into this summers Twitter hack by the New York State Department of Financial Services (NYSDFS) has ended with a stinging rebuke for how easily Twitter let itself be duped by a simple social engineering technique and with a wider call for key social medi". (October 14, 2020)
Posted on  , ,