DUBLIN (Reuters) - Twitter’s lead regulator in the European Union, the Irish Data Protection Commissioner (DPC), said on Friday it was investigating the company for a breach notification received from the social networking site.
“The DPC has this week opened a new statutory inquiry into the latest data breach it received from Twitter on 8 January, 2019,” said the Commission in a statement posted on its website.
“This inquiry will examine a discreet issue relating to Twitter’s compliance with Article 33 of the GDPR.”
“We actively notify the Office of the Irish Data Protection Commissioner and the public of these issues as appropriate,” Twitter said in a statement on Friday.
“We are fully committed to working with the Data Protection Commissioner’s Office to improve the already strong data and privacy protections we offer to the people who use our services.”
Article 33 of the EU’s General Data Protection Regulation states that a personal data breach must be referred to the commissioner within 72 hours after becoming aware of it, and sets out the amount and type of information that must be supplied with the notification.
Under the new GDPR European privacy regulations, which came into effect in May, breaking privacy laws can result in fines of up to 4 percent of global revenue or 20 million euros ($22.82 million), whichever is higher, as opposed to a few hundred thousand euros previously.
The DPC has been investigating Twitter since November for a number of other breach notifications received from the company since the introduction of the GDPR.
Reporting by Graham Fahy; Editing by Toby Chopra and Jane Merriman