The fine could hardly be smaller
I doubt Twitter even care. Ireland's DPC showing their gums, not their teeth.
Ireland's Data Protection Commission (DPC) has fined Twitter €450,000 after ruling a bug in the firm's Android app that allowed users' private messages to be publicly viewed infringed the EU's General Data Protection Regulation (GDPR). The fine is a first levied by the Irish government against one of the so-called Big Tech …
There is usually leniancy in such situations, where the company cooperates with the authorities and shows contrition.
A few large fines in Germany have been reduced, because the companies involved worked closely with the registrars to ensure exposure was minimized and to take remedial action, so that such an event couldn't occur again.
So, the story is that Twitter had a bug which was clearly not intended and affected a subset of their users, failed to report in time, and got a fine so small they've already forgotten about it. Meanwhile, other companies do deliberate things which impact all of the customers, don't hide it, and get no consequences. Why would any company be worried about this? If this is the size of fines being handed out, they have nothing to worry about. If this is the only kind of investigation that gets done, one which can be completed by a simple program*, they have nothing to worry about. Any Irish out there who can petition their government to make their data protection office do more things?
* if ((reportTime-report.discoveredTime).days >= 3*mercyRatio) { report.company.fine(); }