Elon Musk’s Twitter Inc. risks massive fines after its top privacy regulator in the European Union opened a probe into reports of a suspected data breach that compromised the personal details of 5.4 million users last year.
Ireland’s Data Protection Commission said in a statement on Friday it decided to start a probe under its own initiative, over reports that one or more datasets of Twitter user personal information “had been made available on the internet.”
“These datasets were reported to contain personal data relating to approximately 5.4 million Twitter users worldwide,” the agency said. “These datasets were reported to map Twitter IDs to email addresses and/or telephone numbers of the associated data subjects.”
The Irish authority said that after discussions with Twitter on the matter, it considers “one or more provisions” of the EU’s General Data Protection Regulation may have been - and may continue to be - infringed. The authority is the lead watchdog for some of Silicon Valley’s biggest tech firms that have set up an EU base in the country. Under GDPR, it wields the power to levy fines of as much as 4% of a company’s annual sales.
Global scrutiny of Twitter has reached fever pitch following Musk’s $44 billion takeover. While the suspected breaches came before the billionaire’s purchase, key roles policing compliance with regulations have been eliminated, sparking concerns about the social media-giant’s ability to protect user data.
Europe has been particularly quick to demand Twitter keeps up with its regulatory demands - from data protection to checking on hate speech. Hours after billionaire Musk closed his deal for the company, European Commissioner Thierry Breton sent a warning to the new owner, calling on the company to “fly by our rules.”
Since Musk’s takeover in October, he warned that Twitter is at risk of bankruptcy and instituted what he called a “hardcore” work environment after a drastic cutback in staff. In less than two months at the helm, he has spooked advertisers, alienated Twitter’s most ardent creators and turned the service from a forum for news discussion into a trending topic in itself.
The company this week resolved a dispute with a top executive who was shut out of the firm’s IT system after failing to respond within hours to a company-wide email from Musk asking staff if they were onboard with the new “Twitter 2.0.”
Aside from shuttering its Brussels office, its communications department in Germany no longer exists after Musk’s shake-up, according to the former head of the unit who sued in Germany for unfair dismissal.
Although it has been criticized for being slow to act, the Irish regulator last month slapped Meta Platforms Inc. with a €265 million ($281 million) fine for failing to prevent the leak of the personal data of more than half a billion users of its Facebook service.