European Union privacy regulators are clashing over how much—if anything—to fine Twitter Inc. for its handling of a data breach disclosed last year, delaying progress of the most advanced cross-border privacy case involving a U.S. tech company under the EU’s strict new privacy law. The dispute, disclosed in a statement Thursday from Ireland’s Data Protection Commission, is one of the first major tests for enforcement of the EU’s privacy law, known as GDPR, which took effect in 2018. Those investigations are led by Ireland’s data commission because the companies have regional headquarters in Ireland, but its counterpart regulators in all 26 other EU countries can object in cases that involve them. The Twitter case is a bellwether because it is the first in which Ireland’s data commission forwarded a draft decision to its counterparts for comments, which it did in May. Ireland’s data commission said in its 2019 annual report that the focus of the case is on whether Twitter fulfilled its obligation for a timely notification of the breach.

Source: Wall Street Journal August 20, 2020 10:52 UTC