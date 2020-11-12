In a press release, the European Data Protection Supervisor announced that he had voted on the first decision following a dispute based on the GDPR, namely Article 65, at his 41st plenary session. That first sanction concerns a Twitter bug that exposed some Android users’ private tweets. This vulnerability, fixed by the social network, caused tweets from 2014.

An upcoming sanction for Twitter

The European Data Protection Supervisor stated in his press release that he had “accepted his decision on November 9, 2020” in relation to Twitter and that Twitter would soon be officially informed of this decision. Therefore, the company should receive its first sanction for non-compliance with the GDPR within one month.

And for good reason, the social network admitted in January 2019 that it had discovered and fixed a security flaw that exposes tweets from Android users who do not yet have an account and who have protected tweets. In particular, this could result in a fine as the social network is required by GDPR to protect users’ personal data, otherwise a fine may be imposed. It can represent up to 4% of the company’s global sales.

A case that is easy for the European supervisory authority to handle?

At first glance, the Twitter case appears to be easier to handle than other investigations involving other members of the GAFA. In fact, certain ongoing investigations are based on complaints filed and require extensive, particularly legal, investigations into the practices of technology companies. For Facebook and Google, for example, the decision on the sanction could have been delayed due to the complexity of the issues and subjects.

This is also a criticism of the implementation of the GDPR. The question that remains is how large tech companies can be effectively regulated. To answer this question, the Commission is expected to present a legislative proposal starting next month to apply strict rules to influential internet platforms as part of a law on digital markets. Finally, this project could include the creation of a Europe-wide regulator. This would be one way of relieving the European data protection officer, who has a lot to do with the activities of the large technology companies.