The authority will investigate allegations made by Twitter’s former head of security.
France’s data protection watchdog CNIL is investigating a whistleblower’s claims that Twitter made “egregious” misrepresentations to international regulators about its data security measures, according to a report in POLITICO.
“The CNIL is currently studying the complaint filed to the US Securities and Exchange Commission, the Federal Trade Commission and the US Department of Justice,” the French agency said in a statement Wednesday. “If the accusations are correct, the CNIL could take action leading to legal proceedings or a sanction, if it’s clear there were breaches.”
The Washington Post first reported Tuesday that Twitter’s former head of security Peiter Zatko made the accusations in a complaint alleging that the tech company violated the terms of a settlement with the US Federal Trade Commission by falsely claiming it had a solid security plan. Zatko also said that privacy should become Twitter’s number one priority “in light of the egregious and ongoing misrepresentations to the FTC, French and Irish regulators”, according to the complaint.
Whistleblower’s complaint is backed by hacking expertise
In his complaint, Zatko, a widely admired hacker known as ‘Mudge’, depicts Twitter as a “chaotic and rudderless company” plagued by infighting and unable to properly protect its 238 million daily users, according to the Washington Post article.
The complaint also says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks. Those included the commandeering of accounts held by high-profile users such as Elon Musk and former presidents Barack Obama and Donald Trump.
A CNIL spokesperson said the regulator only learned of the allegations on Tuesday through the Washington Post report. Ireland’s data watchdog also met with Twitter representatives after the reports on Zatko’s claims.
One of Zatko’s alleged ‘misrepresentations’ was an update to the platform late last year to comply with orders from the CNIL, which Zatko said was “blocked [from] rolling out” for a month “in order to extract maximum profit from French users”. Twitter has denied Zatko’s allegations, according to POLITICO.