Sinn Fein spokesperson on Enterprise, Trade and Employment Louise O’Reilly TD has expressed worry that the fine issued by the Data Protection Commissioner today to Twitter due to its handling of a data breach last year reveals the office to be more of a lapdog than a watchdog when it comes to regulating big tech firms.
Teachta O’Reilly said:
“Today the Data Protection Commissioner fined Twitter €450,000 for its handling of a data breach last year.
“The DPC found that Twitter had failed to notify their offices of the data breach in time as required under the General Data Protection Regulation (GDPR), and it also failed to adequately document the breach.
“While we welcome the decision, as it is the first fine of a big tech company by the DPC, we also have to call out the derisory level of the fine and ask the hard questions as to why it is so low.
“Indeed, it has been reported that the that this fine amounts to only 1.5 hours of Twitter revenue.
“In a draft version of its rulings, the DPC had suggested a fine of €150-300k. However, this was opposed by a large number of other regulatory authorities at a meeting of the European Data Protection Board.
“Germany had suggested that a fine of €7m-22m would have been issued if the case came before their data regulatory body.
“The revised fine of €450,000 is wholly inadequate and raises serious questions for the DPC and the Government:
- Does the fine set a trend for meagre fines for big tech firms when they breach data protection regulations?
- Is friendly data protection regulation part of Irish state enterprise policy?
- Does the Government share the concerns of other regulatory authorities about the judgement and level of fine?
“The DPC is the lead authority for all technology firms based in Ireland – it has to have the necessary resources, human and financial, provided by the state.
“But it also has to have the will to be a serious watchdog in relation to regulating and overseeing the likes of TikTok, Twitter, Facebook, Google, and Microsoft, to name but a few.
“The paltry fine issued today leaves many of us wondering if the DPC is more lapdog than watchdog when it comes to data protection regulation.”