Social media giant and influencer Twitter has been slammed with a fine of $547,000 on Tuesday by the European privacy regulators. According to sources, the charges against Twitter failed to properly notify regulators in a timely fashion after it suffered a data breach last year.
Reports indicate that any organization operating within the EU or that sells goods and services to customers within the EU must inform European privacy regulators within 72 hours after a data or privacy breach has occurred. And that is precisely what Twitter has done.
The latest fine indicates the first time any U.S. tech company has been hit with a cross-border case involving a violation of the European Union’s General Data Protection Regulation, which went into effect in May 2018. According to sources, companies that violate GDPR can be fined up to 2% of their global annual revenue.
Interestingly, Twitter’s 2018 revenue was $60 million, which transforms up to $1.2 million in fine. But the European privacy regulators determined that Twitter’s actions were not intentional or systematic. Thus the fine imposed was less than 1% of its total revenue.
“Twitter (NYSE: TWTR) discovered a bug in its microblogging communication service last year that exposed users’ private tweets and made them public. The data leak affected Android users and spanned four years between November 2014 and January 2019 before being fixed.”
The GDPR requires companies that deal with consumers and businesses in the EU to notify them of their privacy rights. It also has strict guidelines for being notified within 72-hour after a data breach has been discovered. This has been a very careless move for Twitter, which led to the company suffering a fine for violating the GDPR.