Twitter’s lead regulator in the European Union is on its case in the wake of senior staffers in charge of security and privacy compliance walking out the door. Ireland’s DPA is in contact with the company following media reports yesterday that its data protection officer (DPO) had resigned.
But the regulator has also another concern it wants to discuss with Twitter — regarding whether Twitter’s main establishment, for GDPR purposes, is still located in Ireland.
Ireland has a lead supervisor role for Twitter because the company was able to notify its Dublin office as its “main establishment” in the EU. However, with Musk slashing 50% of Twitter’s headcount globally just last week — and a reported “carnage” in the Irish office, questions have arisen in Dublin over the stability of its main establishment status for the GDPR.
If Twitter to be deemed to no longer have this processing base in Ireland there would be an immediate regulatory reconfiguration and data protection authorities across the bloc, from any of the EU’s 27 Member States, could instigate inquiries or act on local complaints themselves — cranking up the regulatory complexity, velocity and risk for Twitter’s European business.