Last week, the European Data Protection Board adopted its first Article 65 GDPR decision and we eagerly await the full decision and outcome in due course. 

This has been a matter of real interest for large organisations who process data across various EU member states and as such, may be subject to decisions and views with input from multiple supervisory authorities across the EU. It is interesting to see Article 65 of the GDPR come into action and what does happen when the regulators disagree. 

Article 65 of the GDPR is intended to be invoked where a local supervisory authority, in this case the Irish Data Protection Commission ("DPC"), faces criticism from or does not agree with supervisory authorities in other EU Member States. 

In this case, various supervisory authorities made representations that they disagreed with certain allegations made against Twitter by the Irish DPC in respect of its GDPR compliance, following notification of a personal data breach in January 2019. 

The EDPB will publish its decision once the final decision has been communicated to Twitter as the relevant data controller.