Bloomberg Law
Jan. 17, 2019, 6:47 PMUpdated: Jan. 17, 2019, 8:05 PM

Twitter Faces New EU Query Into Data Security Flaw (Corrected)

Daniel R. Stoller
Daniel R. Stoller
Senior Legal Editor
Sara Merken
Sara Merken

Twitter Inc. may face a new European Union privacy probe over a security flaw that impacted Android users who aimed to protect their tweets.

The social media giant Jan. 17 said in a blog post that a privacy setting for some Twitter for Android users may have been disabled. The new Twitter data security scandal adds to the company’s EU privacy woes. EU officials already were investigating the social media giant’s data breach response and privacy practices.

“The Irish Data Protection Commission (DPC) has been notified of this data breach and we are currently assessing its contents,” Graham X. Doyle, head of communications at the commission, told Bloomberg Law Jan. 17. The privacy office hasn’t launched a formal investigation into the new security flaw, he said.

The scrutiny may put more pressure on the U.S.-based tech company to improve privacy practices or face massive EU privacy fines of 4 percent of the company’s annual revenue under the EU’s General Data Protection Regulation. The company earned $2.87 billion in revenue in 2017, Bloomberg data show.

“The DPC opened a statutory inquiry in late 2018 into Twitter’s obligation under the General Data Protection Regulation (GDPR) to implement technical and organisational measures to ensure the security and safeguarding of the personal data it processes following the receipt of a number of breach notifications from the company since May 25, 2018,” Doyle said. “This inquiry is ongoing.”

Twitter for Android Flaw

Twitter said Jan. 17 that users who “had protected Tweets turned on” in settings, “used Twitter for Android, and made certain changes to account settings such as changing the email address” between November 3, 2014, and January 14, 2019 may have been impacted, the social media company said.

The security flaw may have “disabled the ‘Protect your Tweets’ setting if certain account changes were made” for Twitter for Android Users, the company said in a blog post.

Twitter has since told affected users and “have turned “Protect your Tweets” back on for them if it was disabled,” according to the blog post.

Liz Kelley, communication representative for Twitter, said “once we discovered this issue, our team acted immediately to fix it.” Twitter is also working with regulators to address the issue, she said.

Kelley didn’t say how many users were impacted by the Twitter security flaw.

(Headline and first, third and fourth paragraphs corrected to reflect that the Irish regulator has not launched a formal investigation.)

To contact the reporters on this story: Daniel R. Stoller in Washington at, Sara Merken in Washington at

To contact the editor responsible for this story: Keith Perine at