WhatsApp Hit with Substantial Fine for Data Security Violations

Ireland’s data watchdog has imposed a record £193 million (€225 million) fine on WhatsApp, owned by Facebook, marking the largest penalty ever issued by the Irish Data Protection Commission and the second-highest under EU GDPR regulations. Facebook’s EU headquarters in Ireland designates the Irish regulator as the lead authority for the tech giant in Europe. 

WhatsApp, expressing disagreement with both the decision and the fine’s severity, plans to appeal. The fine stems from a 2018 investigation into WhatsApp’s transparency regarding data handling practices. The intricate issues examined included whether WhatsApp provided sufficient information to users about data processing and the clarity of its privacy policies, which have been updated multiple times. 

A spokesperson for WhatsApp emphasized the company’s commitment to a secure and private service, asserting efforts to ensure transparent and comprehensive information provision. The spokesperson deemed the penalties disproportionate, stating, “We disagree with the decision today regarding the transparency we provided to people in 2018.”  

Under GDPR rules, significant fines of up to 4% of the offending company’s global turnover are permitted. The Irish Data Protection Commission submitted its decision to other national data authorities, as mandated by GDPR. Eight countries, including Germany, France, and Italy, raised objections, citing disagreements on breached GDPR articles, fine calculations, and other issues. 

In late July, the European Data Protection Board directed the Irish DPC to adjust its findings, “reassess” the proposed fine of  £26-43 million (€30-50 million), and revise its decision by proposing a higher fine amount. The developments highlight ongoing challenges in harmonizing GDPR enforcement across European jurisdictions. 

Shopping Basket