Irish data protection authority reveals probe into Twitter data breach

Ireland’s data protection authority revealed Friday that it is investigating Twitter’s compliance with Europeans’ new data privacy laws following a series of data breaches.

The Dublin-based Data Protection Commission (DPC) says it opened a new “statutory inquiry” following the latest breach notification from Twitter earlier this month. The inquiry fits into a probe the DPC launched last November.

“The DPC has this week opened a new statutory inquiry into the latest data breach it received from Twitter on January [8], 2019. This inquiry will examine a discreet issue relating to Twitter’s compliance with Article 33 of the GDPR,” the DPC said in a statement provided to The Hill. {mosads}

Under Article 33 of the General Data Protection Regulation (GDPR) — the European Union’s new data and privacy protection law — a personal data breach must be reported to the commissioner within 72 hours after it is discovered.

The Irish data commission started probing Twitter after receiving “a number of breach notifications” from the social media platform since the introduction of the GDPR, which went into effect in May 2018, according to the statement.

“The Data Protection Commission is currently investigating Twitter’s compliance with its obligations under the GDPR to implement technical and organisational measures to ensure the safety and safeguarding of the personal data it processes,” it added.

Earlier this month, Twitter disclosed that some Android devices may have disabled Twitter’s “Protect your Tweets” setting between November 2014 and Jan. 14, 2019.

Such glitches may have occurred when “certain account changes were made” — like changing an email address associated with a particular account, Twitter said in a blog post.

But the social media platform said while it has notified users it knows were impacted, there may be others it does not know about who were also impacted.

“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted,” the blog post states.