Geez, you keep reminding me day after day why I appreciate the protections offered by the EU, and the added protections Germany adds on top of them.
Just for fun I looked to see where Twitter had their German offices. They are in Hamburg and Berlin, but not in Munich. Which is interesting because Apple, Google and Microsoft all prefer Munich, but Facebook and Twitter prefer Hamburg and Berlin. So there was little chance I would have been recruited.
For the record, I don’t work for Google, Apple or Microsoft. I just visit their offices during frontend meetups to eat their pizza, drink their beer and meet interesting frontend colleagues.
Nice to see George Takei boldly going somewhere new.
Anyone know if Stephen King has gone like Enron to Mastodon yet?
Or is he still at The Dark Twitter?
Maybe. Irish government would have to pay for enforcement at the DPC first though which they are unwilling to do. It may be politically advantageous to finally stump up if they fuck over the workers sufficiently. I don’t know though and I wouldn’t hold my breath. EU headquarters of Twitter are in Dublin.
Can’t GDPR claims be filed in any member country? Or are they then automatically referred to the Irish data protection authority?
ETA: this Techchrunch article is very enlightening. Basically, right now the Irish data protection authority is the relevant one because until Elongate (heh heh) twitter kept a careful corporate structure that allowed the Irish office input into product development, therefore making it relevant enough to be accepted as the sole EU representative for Twitter in the permissive data protection environment of Ireland.
But now they don’t have that input into Elon’s fiat decisions anymore, so they are in danger of losing this status, making every EU member country’s DPA responsible for their own enforcement…and countries like Germany are much stricter and more trigger-happy than Ireland.
They can as far as I know but the remedies are comparatively limited and, I also think the transgressions are similarly smaller than those of the European head office. The transfer of data to the US for wholesale plunder occurs under the aegis of that (I believe).
Individual redress would be via the national courts but holding the company as a whole to account is stymied by the Irish government’s deliberate underfunding of enforcement of GDPR. They no longer operate solely from an office above a Centra in some road stop in the midlands but they do not fund the quantity and calibre of lawyers required.
Including wiki on Max Schrems as he went both routes.
Currently Twitter has its “main establishment” in Ireland, meaning that it only has to deal with the Irish Data Protection Commission, but if the DPC determines that Twitter is no longer complying with requirements for that status it will be open season for other member states to take action.
Helmed by erratic new owner Elon Musk, Twitter is no longer fulfilling key obligations required for it to claim Ireland as its so-called main establishment under the European Union’s General Data Protection Regulation (GDPR), a source familiar with the matter has told TechCrunch.
Our source, who is well placed, requested and was granted anonymity owing to the sensitivity of the issue — which could have major ramifications for Twitter and for Musk.
Like many major tech firms with customers across the European Union, Twitter currently avails itself of a mechanism in the GDPR known as the one-stop shop (OSS). This is beneficial because it allows the company to streamline regulatory administration by being able to engage exclusively with a lead data supervisor in the EU Member State where it is “main established” (in Twitter’s case, Ireland), rather than having to accept inbound from data protection authorities across the bloc.
…
If the DPC assesses (or is informed by Musk) that it no longer has its main establishment in Ireland, the company will crash out of the OSS — opening it up to being regulated by the data protection authority across the bloc’s 27 Member States, which would become competent to oversee its business.
In practice, that means any EU data protection authority would be able to act directly on concerns it has that local users’ data is at risk — with the power to instigate their own investigations and take enforcement actions. So Ireland’s more business-friendly regulator would no longer be leading the handling of any GDPR concerns about Twitter; probes could be simultaneously opened up all over the EU — including in Member States like France and Germany where data protection authorities have a reputation for being quicker to the punch (and/or more aggressive) in responding to complaints compared to Ireland.
If Twitter loses its ability to claim main establishment in Ireland, it would therefore drastically amp up the complexity, cost and risk of achieving GDPR compliance. (Reminder: Penalties under the regulation can scale up to 4% of annual global turnover — so these are not rules a normal CEO would ignore.)
ETA
Both of you. Fascinating article. I knew bits and pieces (including the local people who resigned) but it ties it together really well.
Also the point that GDPR didn’t really change a lot of the underlying principles of the previous regime but it amped up enforcement and, very particularly, specific requirements for the DPO and their reporting, and personal liability for directors which obviously as they say in the article makes replacing these departees particularly challenging.
Nah - he can move his HQ to UK where we will shortly gut our data protections (aka burning red tape “for growth”), so it’ll all be cool. (PS Don’t tell Lone Skum UK is not in EU any more.)
But they’re agreeing to something absolutely ridiculous. In a way it’s not much different than “if you click this your salary is getting cut in half, otherwise you’re fired”
I’d be curious about exactly how they argue this particular ‘choice’ works from a legal standpoint.
If the claim is that the employee actually agreed to an amended contract by reading a memo about being more hardcore and then clicking a link they’ll need a jurisdiction that thinks clickwrap EULAs are a glorious advance in contract law to even get past the door.
If the claim is that they are simply being candid about what their new interpretation of job description will be, to be enforced to the extent existing contracts allow it, with a conveniently automated resignation option, there may well be some rumblings about constructive dismissal; but at least it won’t be an absurd parody of how contracts are supposed to work.
There is, of course, also the option that there is no coherent claim, save Musk demanding his perceived prerogatives, and the whole thing was slapped together more or less entirely without consultation or consideration of possible consequences. That would be in character.
