Press play to listen to this article
Voiced by artificial intelligence.
After Elon Musk bought Twitter — and fired almost anyone whose job it was to deal with regulators — the social networking giant is now facing a flood of legal challenges across the European Union.
The question now is whether the EU’s watchdogs can live up to their ambitions to be the world’s digital policemen.
Ireland’s privacy regulator wants to know whether the company’s data protection standards are good enough. The European Commission doesn’t know who to ask about its upcoming online content rules. The bloc’s cybersecurity agencies raise concerns about an increase in online trolls and potential security risks.
Twitter’s unfolding turmoil is precisely the regulatory challenge that Brussels has said it wants to take on. The 27-country bloc has positioned itself — via a flurry of privacy, content and digital competition rules — as the de facto enforcer for the Western world, expanding its digital rulebook beyond the EU’s borders and urging other countries to follow its lead.
Now, the world’s richest man is putting those enforcement powers to the test.
Europe’s regulators have the largest collective rulebook to throw at companies suspected of potential breaches. But a lack of willingness to act quickly — combined with the internal confusion engulfing Twitter — has so far hamstrung the bloc’s enforcement role when it comes to holding Musk to Europe’s standards, according to eight EU and national government officials, speaking privately to POLITICO.
“This will be a major test for European regulators,” said Rebekah Tromble, director of the Institute for Data, Democracy & Politics at George Washington University. She is part of the advisory board of the European Digital Media Observatory, a group helping to shape the EU’s online content rulebook, known as the Digital Services Act (DSA).
“If Musk continues to act with intransigence, I think there’s an opportunity for European regulators to move much more quickly than normal,” she added. “These regulators will certainly be motivated to act.”
A representative for Twitter did not return requests for comment.
The bloc certainly has the firepower to bring Twitter to heel.
Under the EU’s General Data Protection Regulation, companies can be fined up to 4 percent of their annual global revenue for failing to keep people’s personal information safe. The Irish regulator, which has responsibility for enforcing these rules against Twitter because the company’s EU headquarters are in Dublin, has already doled out a €450,000 penalty for the firm’s inability to keep data safe.
As part of the bloc’s upcoming content rules, which will start to be enforced next year, the Commission will have powers to levy separate fines of up to 6 percent of a company’s yearly revenue if it does not take down illegal content. Brussels also has the right to ban a platform from operating in the EU after repeated serious violations.
Thierry Breton, the European internal market commissioner, reminded Musk of Twitter’s obligations under the bloc’s upcoming content rules in a call with the billionaire soon after his acquisition of the social network. Musk pledged to uphold those rules, even as he has pushed back at other content moderation practices that could hamper people’s freedom of expression on the platform.
“In Europe, the bird will fly by our rules,” Breton, the French commissioner, told Musk — via Twitter.
Yet over the last three weeks, European regulators and policymakers have struggled to navigate Twitter’s internal turmoil, according to four EU and national officials who spoke on the condition of anonymity to discuss internal deliberations.
The likes of Damien Kieran, Twitter’s chief privacy officer in charge of complying with Europe’s tough data protection standards, and Stephen Turner, the company’s chief lobbyist in Brussels, were among scores of senior officials who left since Musk took over.
Two of the EU officials, speaking about internal discussions on condition of anonymity, told POLITICO that multiple emails to Twitter executives bounced back after those individuals were laid off. One of those policymakers said he had taken to Twitter — scrolling through the scores of posts from the company’s employees announcing their departures — in search of information about who was still working there. A third official said the current confusion could prove problematic when the company had to reveal long-guarded information about the number of its EU users early next year.
Others have been fostering wider connections within the company, just in case. Arcom, France’s online platform regulator, for instance, has built ties with high-level executives outside of France and still had a contact in Dublin at the company to answer its pressing questions.
The policymaking blackholes — fueled by mass layoffs — have been felt beyond the EU.
Julie Inman Grant, Australia’s eSafety commissioner who previously ran Twitter’s public policy team in Asia, told POLITICO she had written to the company last week to remind them about its obligations to clamp down on child sexual exploitation on the platform. She had yet to hear back from Musk or other senior officials.
“We did have a meeting on the books with Twitter,” Melanie Dawes, chief executive of Ofcom, the U.K.’s communications regulator, told POLITICO ahead of her trip to Silicon Valley this week to meet many of the social media companies. “It was canceled.”
What about privacy?
Another open question is how Twitter with comply with Europe’s tough privacy rules.
Although the company’s chief privacy executive had been fired — and rumors swirled Twitter could pull out of Ireland in its cost-saving push — the Irish Data Protection Commission told POLITICO it had yet to open an investigation into the firm.
A spokesman for the agency said Twitter executives had assured Irish regulators on Monday that Renato Monteiro had been appointed as the company’s acting data protection officer — because it’s a legal requirement to have one — and no changes to how Twitter handled data had been made.
A key unanswered question is whether, in the wake of the mass layoffs, Twitter’s operations in Dublin are either shuttered or cut back to an extent that regulatory decisions are made in California and not Ireland.
Such a change would lead the company to fall foul of strict provisions within Europe’s privacy regime that require legal oversight of EU citizens’ data to be made in a firm’s headquarters within the 27-country bloc.
A data protection official, who asked to remain anonymous to speak candidly, said it was likely that Musk would move such decision-making powers to his inner circle in the United States. That potential pullback could allow any European regulator — and not just the Irish agency — to go after Twitter for potential privacy violations under the bloc’s data protection regime, the official added.
This story has been corrected to specify how multiple European privacy regulators may target Twitter for breaching the bloc’s rules if the company pulls out of Ireland.
Mark Scott, Vincent Manancourt, Laura Kayali, Clothilde Goujard and Louis Westendarp