Security News > 2020 > December > Twitter fined by EU data protection watchdog for GDPR breach
Ireland's Data Protection Commission fined Twitter €450,000 for failing to notify the DPC of a breach within the 72-hour timeframe imposed by European Union's General Data Protection Regulation and to adequately document it.
"The DPC's investigation commenced in January 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach," the Irish DPC said.
"On 26 December 2018, we received a bug report through our bug bounty program that if a Twitter user with a protected account, using Twitter for Android, changed their email address the bug would result in their account being unprotected," the breach notification sent to the DPC on January 2019 said.
As the EU watchdog underlined, even after this, Twitter failed to report the breach on time - within the 72-hour timeframe - given that it was only sent to the Commission on January 8.
Twitter said today that it closely collaborated with the Irish DPC during the investigation which is probably one of the reasons behind why the data watchdog considered the €450,000 fine as "Effective, proportionate and dissuasive."