15 December 2020
The Irish Council for Civil Liberties (ICCL) has said it is disappointing that the Data Protection Commissioner (DPC) chose to fine Twitter a meagre amount for a serious breach of data rights under the General Data Protection Regulation (GDPR).
This is the first time that the Article 65 “dispute resolution” mechanism of the GDPR has been used. The Spanish, Dutch, French, German, Austrian, Italian, and Hungarian GDPR enforcers all took issue with the DPC’s actions.
Serious objections were raised about the DPC’s handling of the investigation in to Twitter. In addition, the DPC’s European peers also objected to its decision to impose a minor fine on Twitter, and not reprimand it.
Dr Johnny Ryan, Senior Fellow on ICCL’s information rights programme said:
“For the first time, we have an evaluation of the DPC’s actions by its European peers. What has been exposed is sobering. Among many problems they identified, Italian, Hungarian, Austrian and German enforcers said the DPC was imposing a far too modest fine.”
The GDPR allows for a fine in Twitter’s case of $US 60 million. The DPC proposed to set the fine between $150,000 and $300,000. However, other European GDPR enforcers who sit on the European Data Protection Board made a binding decision that the DPC must reassess the level of the fine, setting a fine large enough to discourage Twitter from future breaches. But in response, the DPC issued a fine that is only marginally more than it had proposed. Its fine is €450,000. For context, the German GDPR enforcer wanted a fine in the range of €7,348,036 – €22,044,105.
ENDS/
Notes for editors:
Notes from the European Data Protection Board: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_bindingdecision01_2020_en.pdf
The Irish Council for Civil Liberties is Ireland’s oldest independent human rights campaigning organisation. We monitor, educate and campaign to secure human rights for everyone in Ireland.
For comment: Dr Johnny Ryan
For media queries: sinead.nolan@iccl.ie 087 4157162