Twitter faces privacy scrutiny over claims it fails GDPR

Elon Musk’s Twitter is no longer meeting criteria that allows it to claim Ireland as its main establishment under the EU’s General Data Protection Regulation (GDPR), according to TechCrunch.

Many tech companies with customers in Europe use a GDPR one-stop shop (OSS), allowing them to streamline admin by “being able to engage exclusively with a lead data supervisor in the EU Member State”. However, Twitter seems to have broken some of the rules that allow it to use a OSS.

Along with mass firings totaling around half of its headcount, many of the company’s vital workers have walked out, including chief information security officer Lea Kissner, chief privacy officer Damien Kieran and chief compliance officer Marianne Fogarty.

Twitter GDPR

TechCrunch also raises the point that very few people will want to take the reigns of these vacated roles, since any GDPR breaches will likely fall on their shoulders given Musk’s controversial modus operandi at Twitter so far.

The Irish Data Protection Commission has already publicly announced that it would be questioning the company to discuss changes to Twitter’s privacy measures following the introduction of Musk as CEO, which was just a little over two weeks ago.

If it decides that Twitter no longer satisfies the relevant criteria, the company will no longer be able to use Ireland as its OSS, opening it up to individual action from each of the 27 countries that form the European Union, many of which are said to be more “aggressive” in their approach to responding to complaints. 

Besides a potentially long battle to remain GDPR-compliant, new Twitter products are purportedly bypassing the review procedures that were typical of previous management. An article on The Verge even indicates that the controversial Twitter Blue subscription was submitted for review “the night before the launch.”

• Protect yourself with the best VPNs