Irish watchdog imposes $547,000 fine on Twitter in GDPR landmark

Ireland's data regulator has fined Twitter 450,000 euros ($547,000) for a bug that made some private tweets public, the regulator said on Tuesday, in the first sanction against a US firm under a new European Union data privacy system. 

The EU’s General Data Protection Regulation’s (GDPR) "One Stop Shop" regime makes Ireland's Data Protection Commission lead regulator of Twitter, Facebook, Apple, and Google in the bloc, due to the location of their EU headquarters.

GDPR has been in force since 2018, but the Twitter case is the first using a new dispute resolution system under which one lead national regulator makes a decision before consulting with the other EU national regulators.

Some EU regulators objected to Ireland's preliminary Twitter ruling when it was issued in May, triggering a referral to the dispute resolution body, the European Data Protection Board (EDPB). 

In its final ruling, the Irish DPC said it had originally sought to impose a fine of $150,000 - $300,000 but increased it after Austrian, German and Italian regulators successfully argued that it was too low.