Add this to the list of Elon Musk’s problems at Twitter: The work he’ll have to do convincing Europe’s top privacy enforcer that his platform isn’t breaking the law.
Ireland’s data protection chief — who oversees Twitter’s operations in Europe — told POLITICO she is worried about a range of issues at the platform, namely a paid membership program that allowed fraudsters to impersonate real accounts and sent out false messages and wrought havoc on the share prices of major firms.
The fake accounts that popped up after Musk introduced a paid-for “blue check” verification program – now on hold – raise potential problems under Europe’s privacy rulebook, Irish Data Protection Commissioner Helen Dixon said on the sidelines of a conference in Brussels.
“We’re now proactively engaging [with Twitter] and asking, ‘look, there is a lot of reporting around changes to verified accounts and blue ticks and phishing accounts. What risk assessments are being run and what are the implications for European users?” she said.
Dixon added that she would be “probing” these points with Twitter’s acting privacy chief, Renato Leite Monteiro, who’s been in his new job for just over a week and at Twitter since 2020.
Twitter’s hemorrhaging of staffers who engage with regulators and investigators is another worry for Dixon, whose office has imposed fines totaling more than €600 million since the European Union’s General Data Protection Regulation (GDPR) came online in 2018. Damien Kieran, an Irishman formerly in charge of privacy at Twitter, and the firm’s chief information security officer, Lea Kissinger, were among hundreds of Twitter employees to depart the company in a round of layoffs on November 10.
“Security is clearly part of data protection. And of course, we’ve also read that the chief security officer is gone,” said Dixon.
While Dixon said the new privacy chief had reassured her about compliance, it’s not clear whether enough staff remains to engage with any legal enquiries from regulators. Dublin already has two open investigations into Twitter that predate Musk’s arrival, and Dixon said her office would be “probing” the company’s directors about the blue tick program and any other privacy matters that may arise.
“We have, interestingly, of course, got an investigation underway into Twitter security,” she said. “We’re at the stage of having a final inquiry report, and then I will proceed to make the decision in relation to what the investigators in my office established. So that would be an interesting exercise in terms of sending that out to Twitter, looking at the submissions that they make on us, and testing the accuracy of the factual descriptions that we have,” she said.
“And, you know, we won’t be idle in terms of probing what is happening,” she added.
Last days of Twitter?
Amid the latest wave of resignations, speculation about a collapse of the platform and his diminishing personal wealth, scrutiny from Dublin may not be top of mind for Musk.
But the risk of falling afoul of EU privacy law would add to the financial misery for the billionaire, who paid $44 billion for a company experts say is now worth a fraction of that price.
If Dixon’s investigators find that Twitter has violated the GDPR, the firm could be on the hook for fines amounting to up to 4 percent of its global turnover, or more than a billion dollars according to the firm’s value when it delisted from the New York Stock Exchange on November 8.
Already, other European privacy watchdogs are pressing Dixon for answers about what’s going on at Twitter. “Are you satisfied? What have we been told? What are we proactively doing? You know, what are the next steps? What impact has it on the investigations that they’re aware we have underway already?” she said of their questions.
“I’ve chatted to them here, but we may try to do something more systemically with all 27 [European data protection authorities),” said Dixon, whose office is in charge of overseeing Twitter’s operations across the EU, in coordination with other national watchdogs.
The answer to the question “what’s going on at Twitter” is a dizzying one.
In the past few hours alone, dozens more employees have announced they are leaving Twitter, including staff on key engineering teams in charge of making sure the site is operating properly.
Previous rounds saw an exodus of support staff, including Twitter’s chief lobbyist in Brussels, Stephen Turner, and key compliance roles.
Dixon said she’d met with Kieran, the former privacy chief, on November 8, only to discover two days later that he’d been laid off. And while he has been quickly replaced, it’s unclear who else is in place to answer Dixon’s questions.
“There are other things around the office of the Data Protection Officer, it strikes us, that are going to be important, for example, in transparency, and in responsiveness terms to data subjects around the exercise of their rights,” she said.
“And we’re certainly having it reported to us that journalists are finding it difficult to get people to speak,” she said. “So we will have to examine carefully whether data subjects are complaining to us that they’re having trouble exercising rights or getting responses or getting accurate and up-to-date information on the website.”