LONDON — Twitter has been fined 450,000 euros ($547,000) by the Irish data regulator for breaching Europe's General Data Protection Regulation (GDPR).
The fine was announced by Ireland's Data Protection Commission (DPC) on Tuesday. It is the first time a financial penalty has been issued to a U.S. tech firm under the GDPR law.
GDPR is a set of data protection and privacy regulations introduced by the European Union in May 2018.
"The DPC has found that Twitter infringed Article 33(1) and 33(5) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach," the regulator said on its website.
It added: "The DPC has imposed an administrative fine of 450,000 euros on Twitter as an effective, proportionate and dissuasive measure."
Damien Kieran, Twitter's chief privacy officer and global data protection officer, said in a statement: "An unanticipated consequence of staffing between Christmas Day 2018 and New Years' Day resulted in Twitter notifying the DPC outside of the 72 hour statutory notice period. We have made changes so that all incidents following this have been reported to the DPC in a timely fashion."
Kieran added: "We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers, including through our work to quickly and transparently inform the public of issues that occur."
Many big tech companies have their EU headquarters in Ireland and so the Irish DPC supervises the firms under GDPR. An investigation was launched by Ireland's chief data regulator, Helen Dixon, in January 2019 after Twitter notified it of a GDPR breach.
Companies can be fined up to 4% of global annual revenues for breaching GDPR. For Twitter, that could mean a fine of up to $138 million.
Privacy campaigner Max Schrems appeared to be unhappy at the size of the fine, pointing out it will take the microblogging platform just one and a half hours to make the amount of money needed to pay the fine.
The fine comes as Europe and the U.K. unveiled major new pieces of legislation to keep U.S. tech giants in check.
In Europe, the Digital Services and Digital Markets Acts are set to be published on Tuesday afternoon, while the U.K. announced a new online harms bill.