Please see below for comment from a cybersecurity expert on the recent Twitter fine by the Irish Data Protection Regulation.
The decision to fine Twitter 450,000 euros for failing to notify a data breach in time shows the intent between member states within the EU to seek a balance between ensuring the GDPR is properly enforcing the legal obligation on data controllers and to keep the law consistently positioned to be the reigning baseline standard for international data privacy disputes.
There has been increased pressure on the local Irish data authority to ensure that the GDPR takes a front seat in deciding on actions to be taken in the wake of the Twitter data breach. This case is also drawing an increased spotlight on how to enforce the GDPR as a baseline involving an international entity as well as the use of Article 65 as a vehicle for dispute resolution, which I believe will increase the importance of the GDPR as a regulation and the guidance within.
There were noted concerns raised by other member state privacy bodies that the Irish DPC needs to carefully weigh their responsibility to adequately protect and enforce the privacy laws of all EU citizens with the effects on their economy. This is understandable with the Irish DPC acting as the Lead Supervisory Authority (SA) in the case. However, I believe that they have run the case by the book, aside from the lengthy time period required to reach a decision, but they appear to have acted in accordance with the rule of law stated in the GDPR. This could certainly cause a potential shakeup to international tech giants and set a new precedent on how they are doing business in the future and could cause havoc to the Irish market in the short run.