On December 15, 2020, Ireland’s Data Protection Commission (“DPC”) announced its decision to fine Twitter International Company (“Twitter”) €450,000 for failing to notify the DPC promptly of a data breach affecting EU personal data in compliance with the EU General Data Protection Regulation (“GDPR”). The decision received all the press coverage that is to be expected for any decision involving Big Tech and was the largest GDPR fine issued by the DPC to date. However, the significance of the decision really lies in the message that Controllers cannot escape their breach notification obligations due to failures on the part of their Processors.
For more on this topic, read Goodwin’s Client Alert in its entirety here.