I think the headline is fair. In the UK, the ICO requires [1] that breaches are notified within 24 hours of a breach being established. 2 months is a long time and the media is right to paint a negative picture. I suspect it is similar within the EU and I hear it is only going to get stricter once GDPR comes into force next year.
Instead of thinking that the author is "showing off" perhaps one should take it as an opportunity to learn something new. If one always encounters words/concepts one already knows, how does one learn anything new?
There are large companies which do take a moral stance on this and pay taxes as normal, so it is certainly a valid strategy. An example is bet365 in the UK who (according to the little knowledge I have, I used to work there) don't engage in tax avoidance schemes. The irony is that a gambling company takes a moral stance on tax whereas these big Silicon Valley companies who try to portray a liberal image are the most aggressive tax dodgers.
[1] https://ico.org.uk/for-organisations/guide-to-eidas/breach-r...