Did Twitter Break EU’s Privacy Rules?

Ireland is investigating Twitter (TWTR) in relation to its compliance with the European Union’s General Data Protection Regulation (or GDPR), the set of data privacy rules that went into effect in the EU in May 2018. The Irish Data Protection Commissioner (or DPC) launched the probe after Twitter notified it of a breach in January, Reuters reported. The report stated that Twitter had previously reported other breaches that the DPC is also investigating.

The latest probe is specifically examining Twitter’s compliance with Article 33 of the GDPR, which requires breaches affecting personal data to be reported to the regulator within 72 hours after they are discovered. Companies can be fined around $23 million or up to 4.0% of their global revenue, whichever is higher, if found to have violated the GDPR law. Twitter generated $2.4 billion in revenue in 2017.

Twitter is not alone in struggling with compliance with the EU’s tight privacy regulations. Facebook (FB) and Google (GOOGL) have also faced GDPR probes, some of which have resulted in fines. In January, France fined Google about $57 million in relation to a GDPR violation. Amazon (AMZN) and Spotify (SPOT) also are facing complaints about their compliance with GDPR, Reuters reported.

Despite the challenges of operating under the GDPR, Europe presents an attractive growth opportunity for companies like Twitter, Amazon, and Spotify. According to eMarketer, advertisers in Europe are quickly shifting their budgets to digital media, enlarging the advertising revenue opportunity for these companies.