Twitter Meets Irish Data Protection Watchdog

Twitter met Ireland’s data privacy watchdog on Monday following the departure of key executives from the social network, The Irish Times reported.

The meeting, held within days of the Irish regulator flagging concerns about changes at Twitter, indicates the urgency for both sides in avoiding misunderstandings that could lead to a crippling of the service in European Union states. It comes just over a fortnight after businessman Elon Musk completed his on-again, off-again takeover of the company in a $44 billion deal with a promise to restore it as a bastion of free speech.

According to The Irish Times, the Data Protection Commissioner (DPC) last Friday requested a meeting with Twitter to establish whether the social media platform would continue to make decisions in terms of the processing of personal data for EU users from their Irish office.

“In light of the coverage over the last 24 hours about the departure of senior staff, including the data protection officer, we want to establish with Twitter that they are going to be continuing to make decisions from their Irish office,” Graham Doyle, deputy commissioner at the authority, told Bloomberg on Friday.

To be able to continue using Ireland as their EU base, “the decisions that are made in terms of processing of personal data for EU users must take place in that country, as well,” said Mr. Doyle. “If they’re not, that will have a knock-on effect on their ability to avail of the main establishment.”

TechCrunch reported: Helmed by erratic new owner Elon Musk, Twitter is no longer fulfilling key obligations required for it to claim Ireland as its so-called main establishment under the European Union’s General Data Protection Regulation (GDPR), a source familiar with the matter told TechCrunch.

According to TechCrunch: Our source, who is well placed, requested and was granted anonymity owing to the sensitivity of the issue – which could have major ramifications for Twitter and Musk.

Under the EU’s GDPR, Twitter is obligated – in just one very basic requirement – to have a data protection officer (DPO) to provide a contact point for regulators.

Hence the departure of Damien Kieran, its first and only DPO since the role was created at the company in 2018, has not gone unnoticed by its data protection watchdog in Ireland, TechCrunch reported previously. But the Irish Data Protection Commissions (DPC)’s concerns are already spiraling wider than Twitter’s compliance with notifications about core personnel.

Twitter has not commented publicly on the DPC’s warning nor on the departures of senior regulator-facing staffers. Indeed, since Musk took over, TechCrunch reported, its communications department appears to have been dismantled and the company no longer responds to press requests for comment – so it was not possible to obtain an official statement from Twitter about these departures or on the substance of their report.

TechCrunch wrote: If Twitter loses its ability to claim main establishment in Ireland, it would therefore drastically amp up the complexity, cost and risk of achieving GDPR compliance. (Reminder: Penalties under the regulation can scale up to 4% of the global turnover – so these are not rules a normal CEO would ignore.)

Things aren’t looking great for Twitter’s continued existence right now. Will Elon Musk somehow make changes that appease various regulators? Or will he have to sell Twitter to some other company that feels capable of cleaning up the mess that Elon Musk made of the social media site?