Foreign media: Twitter could be subject to EU sanctions for data breach

On Friday, the Irish Data Protection Commission said it had finalized a draft decision related to the Twitter data breach and asked regulators in other EU countries to approve it,media reported. Ireland’s regulator said it had also completed a draft decision to investigate whatsApp’s data sharing transparency. Facebook will first need to comment on any proposed sanctions before the relevant EU agencies can comment.

Media: Twitter could be subject to EU sanctions for data breach

Twitter and Facebook’s WhatsApp are the first to be targeted, as Europe’s main privacy regulator is about to impose strict regulations on data protection in the region.

Irish regulators have been investigating since the EU’s strict General Data Protection Regulationcame came into force in May 2018, but no final decision has been made. The Irish Data Protection Commission, the main data protection authority for some of the country’s biggest technology companies, is targeting big US technology companies such as Twitter, Facebook, Google and Apple.

The EU’s General Data Protection Regulations empower regulators to impose fines of up to 4% of the company’s annual revenue for the most serious breaches. The biggest fine to date was a 50m euro ($54.5m) fine imposed on Google by the French National Industry Commission (CNIL).

Ireland’s regulator said in a statement on Friday that it had made progress in a number of other outstanding cases, including an investigation into Facebook’s local subsidiary’s obligation to “establish a legal basis for the processing of personal data,” adding that the investigation was “currently in the decision-making stage.”

The two cases are not the first time EU regulators have imposed sanctions on big US technology companies under the new General Data Protection Regulations, but they will be the first to test the cooperation of all 27 EU data protection bodies.

Since the alleged irregularities in both cases have had an impact across the EU, Irish regulators need to share their draft decisions with other regulators so that they can agree or disagree with their findings.