'The lead data regulator for much of big tech in Europe is moving inexorably towards issuing its first major cross-border GDPR decision — saying today it’s submitted a draft decision related to Twitter’s business to its fellow EU watchdogs for review.
“The draft decision focusses on whether Twitter International Company has complied with Articles 33(1) and 33(5) of the GDPR,” said the Irish Data Protection Commission (DPC) in a statement.
Europe’s General Data Protection Regulation came into application two years ago, as an update to the European Union’s long-standing data protection framework which bakes in supersized fines for compliance violations. More interestingly, regulators have the power to order that violating data processing cease. While, in many EU countries, third parties such as consumer rights groups can file complaints on behalf of individuals.
Since GDPR begun being applied, there have been thousands of complaints filed across the bloc, targeting companies large and small — alongside a rising clamour around a lack of enforcement in major cross-border cases pertaining to big tech.
So the timing of the DPC’s announcement on reaching a draft decision in its Twitter probe is likely no accident. (GDPR’s actual anniversary of application is May 25.)
The draft decision relates to an inquiry the regulator instigated itself, in November 2018, after the social network had reported a data breach — as data controllers are required to do promptly under GDPR, risking penalties should they fail to do so.
Other interested EU watchdogs (all of them in this case) will now have one month to consider the decision — and lodge “reasoned and relevant objections” should they disagree with the DPC’s reasoning, per the GDPR’s one-stop-shop mechanism which enables EU regulators to liaise on cross-border inquiries.'
Comments