The Irish Data Protection Commission Is Looking Into Whether Or Not Twitter Broke The GDPR

Since Elon Musk completed the purchase of Twitter at the tail end of October, the social media platform has been mired in a firestorm of controversy. People have been quick to highlight out that Twitter has been fairly irresponsible in its adoption of features, despite the fact that the business has been wrangling to try to introduce features that would persuade users to join the Twitter Blue service.

While the company has been doing this, people have been quick to highlight that Twitter has been wrangling. Now, the Irish Data Protection Commission (DPC), which is the preeminent authority in the European Union regarding the compliance of personal data storage and processing, has announced that it will be conducting an investigation into Twitter in response to allegations that the company violated the General Data Protection Regulation, also known as the GDPR.
The data that was gathered in December 2021 via a Twitter API vulnerability is the source of the current inquiry. This vulnerability was used to get the data.

Despite the fact that the vulnerability was addressed by the corporation in January 2022, the dataset, including the 5.4 million people who were impacted was made available for free on an internet forum in November of this year. Another dataset emerged at a later point in time, claiming to have 17 million people who were impacted. Bleeping Computer reached out to a few of the people included in the dataset and verified that the information was accurate. However, the website was unable to independently authenticate the complete size of the database or its authenticity as a whole.

Even if these alleged violations of GDPR happened under the former ownership, Twitter as a legal entity is still accountable for maintaining the rules and will have to testify to the DPC in an inquiry that may see the business burdened with a multi-million Euro punishment, similar to what occurred to Meta in the past, should it be determined to have infringed GDPR. The information that the DPC is now looking into only relates to the 5.4 million customers who were impacted by the breach; however, it is possible that this number may grow in the future.