Elon Musk’s Twitter Inc. risks massive fines after its top privacy regulator in the European Union opened a probe into reports of a suspected data breach that compromised the personal details of 5.4 million users last year.
Ireland’s Data Protection Commission said Friday it decided to start a probe over reports that one or more datasets of users’ personal information “had been made available on the Internet.”
“These datasets were reported to contain personal data relating to approximately 5.4 million Twitter users worldwide,” the agency said.
“These datasets were reported to map Twitter IDs to email addresses and/or telephone numbers of the associated data subjects.”
The Irish authority said that after discussions with Twitter on the matter, it considers “one or more provisions” of the EU’s General Data Protection Regulation may have been — and may continue to be — infringed.
The authority is the lead watchdog for some of Silicon Valley’s biggest tech firms that have set up an EU base in the country.
Under GDPR, it wields the power to levy fines of as much as 4% of a company’s annual sales.
Global scrutiny of Twitter has reached fever pitch following Musk’s $44 billion takeover.
While the suspected breaches came before the billionaire’s purchase, key roles policing compliance with regulations have been eliminated, sparking concerns about the social media giant’s ability to protect user data.
Europe has been particularly quick to demand Twitter keeps up with its regulatory demands — from data protection to checking on hate speech.
Hours after billionaire Musk closed his deal for the company, European Commissioner Thierry Breton sent a warning to the new owner, calling on the company to “fly by our rules.”
Since Musk’s takeover in October, he warned that Twitter is at risk of bankruptcy and instituted what he called a “hardcore” work environment after a drastic cutback in staff.
In less than two months at the helm, he has spooked advertisers, alienated Twitter’s most ardent creators and turned the service from a forum for news discussion into a trending topic in itself.
Twitter representatives didn’t immediately respond to an emailed request for comment.
The Irish regulator said it had “engaged” with it on the matter and “furnished a number of responses.”
The company this week resolved a dispute with a top executive who was shut out of the firm’s IT system after failing to respond within hours to a company-wide email from Musk asking staff if they were onboard with the new “Twitter 2.0.”
Aside from shuttering its Brussels office, its communications department in Germany no longer exists after Musk’s shake-up, according to the former head of the unit who sued in Germany for unfair dismissal.
Although it has been criticised for being slow to act, the Irish regulator last month slapped Meta Platforms Inc. with a €265 million ($281 million) fine for failing to prevent the leak of the personal data of more than half a billion users of its Facebook service.