Twitter Fine Leads to Standoff Between Ireland and EU Data Regulators
Twitter Inc. is racking up European firsts, but not necessarily in a good way.
(Bloomberg) -- Twitter Inc. is racking up European firsts, but not necessarily in a good way.
Ireland’s privacy watchdog was set to give out its first fine against the company, but challenges from other national data regulators have turned the case into a test of the European Union’s ability to solve regional disputes, and of Ireland’s lead regulatory role.
“A number of objections were raised” by other data protection authorities and the Irish watchdog “engaged in a consultation process with them,” the Irish Data Protection Commission said Thursday in a statement. “However, following consultation, a number of objections were maintained and the DPC has now referred the matter to the European Data Protection Board.”
Ireland’s move to involve the EU board is the first time a data agency has needed to ask the umbrella organization in charge of the bloc’s regulators to help find a solution.
The Twitter case comes from a breach in January 2019, when the company warned the Irish Data Protection Commission of a potentially disabled privacy setting for some Android users. Because the violation affected users throughout the continent, the Irish agency had to send the draft findings of its probe to other authorities.
The final ruling must address their concerns, and may help cement Ireland as the lead data protection regulator for major tech firms such as Facebook Inc., Google and Apple Inc., which use the country as a regional hub.
The latest developments in the Twitter probe could indicate a similar fate for Facebook’s WhatsApp, which faces an Irish probe into its transparency around data-sharing and was next in line to get a ruling.
Cases at the Irish data protection commission have been piling up since the bloc’s tough General Data Protection Regulation took effect in May 2018 -- but with no final decisions to date. The slow pace has attracted criticism from privacy advocates and other EU regulators, which have no power to decide on cases concerning wider European violations by companies with an Irish EU base.
GDPR allows regulators to levy penalties of as much as 4% of a company’s annual revenue for the most serious violations. The biggest fine to date was a 50 million-euro ($59 million) penalty for Google issued by France’s watchdog CNIL.
Helen Dixon, Ireland’s privacy commissioner, has opened at least 20 probes into big tech firms since the EU’s new privacy rules took effect, including cases involving Apple, Facebook and Microsoft Corp.’s LinkedIn.
While the watchdog has to ensure its decisions can withstand an appeal, it also has to grapple with procedures under GDPR. The obligation to send its draft decision around to 26 other EU regulators, which often have different views, reinforces EU-wide collaboration, but also brings delays.
©2020 Bloomberg L.P.