irish dpc twitter fine

Irish Data Protection Commission to announce Twitter fine on December 17th

Commissioner Helen Dixon will have an active week with her office’s first potential big tech fine under GDPR and a showdown against Facebook in the High Court.

Ireland’s data protection regulator is set to announce this week whether Twitter will receive a hefty fine for making some users’ private tweets public.

The result of its investigation into the data breach, which happened two years ago, is to be unveiled by Wednesday, December 17th at the latest.

It comes a week after Facebook said that it has put aside €302m for potential regulatory fines in Europe, arising mostly from investigations by Helen Dixon’s office.

Under GDPR rules, European data regulators can fine companies up to 4% of their annual turnover which, for large tech firms, extends to billions of euros.

However, experts say that is unlikely this Twitter decision will result in a massive fine, given its nature and the company’s voluntary admission of its fault.

Nevertheless, if a fine is announced, it will be the first from the Irish regulator against a big tech company under European GDPR rules.

The Irish Commissioner, Helen Dixon, is Twitter’s lead supervisory authority in the EU. Her office circulated a draft decision to other European data protection authorities in May, but some countries weren’t happy with it. The issue was referred as a “dispute resolution procedure” to the European Data Protection Board. On November 10th, that body said it had made its own determination and that the Irish DPC had a month to finalise and announce the decision.

The move comes ahead of the DPC’s legal showdown against Facebook in the High Court next week. In August, the social media giant took judicial review proceedings against the regulator. Facebook is hoping to quash both an inquiry and a preliminary decision from Helen Dixon’s office on the issue of personal transfers from the EU to the US. The preliminary decision would put a halt to Facebook’s transfers of the personal data of millions of EU users to the US.


Photo by Brett Jordan on Unsplash

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje


Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data