Ireland: Announced Data Protection Commission investigation into Twitter

On 23 December 2022, the Irish Data Protection Commission (DPC) announced that it is opening an investigation into Twitter to determine its compliance with the security obligations outlined in the General Data Protection Regulation (GDPR). In particular, the DPC stated that it opened the investigation following reports alleging that one or more collected datasets of personal data of around 5.4 million Twitter users were made public on the internet. The datasets of personal data made public allegedly include Twitter IDs, email addresses and the telephone numbers of the users. The DPC aims to determine whether Twitter complied with its obligations as a data controller and processor and implemented security measures to safeguard the data it stores.