WhatsApp fined 225 million euro by Irish data protection commissioner

The record fine came after the probe found WhatsApp had breached European Union laws on transparency.
An icon on a smartphone for the app WhatsApp (Nick Ansell/PA)
PA Wire
James Ward2 September 2021

WhatsApp has been hit with a fine of 225 million euros by the data protection commissioner, following an investigation into GDPR practices at the company.

The record fine came after the probe found WhatsApp had breached European Union laws on transparency, and the sharing of user information with other companies owned by Facebook.

In addition to the fine, the office of the data protection commissioner (DPC) in Dublin has issued a “reprimand” to WhatsApp, and ordered it to bring its processing into compliance with EU standards.

The investigation began on December 10 2018 and examined if WhatsApp had complied with its obligations under the EU’s General Data Protection Regulation (GDPR).

It is the second, and largest fine issued by the DPC under the GDPR, after Twitter was hit with a 450,000 euro penalty in 2020 over a security breach.

The investigation into the Facebook-owned messaging service examined if the company had met its transparency obligations around the provision of information to both users and non-users.

We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate

WhatsApp

This included whether users had been provided with information about data sharing between WhatsApp and other Facebook companies.

In a press statement, WhatsApp said the fine was “disproportionate” and said it  will appeal the ruling.

They said: “WhatsApp is committed to providing a secure and private service.

“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.

“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

The DPC initially imposed a smaller fine, but this was objected to by regulators in other EU member states.

On July 28 2021, the European Data Protection Board (EDPB) adopted a binding decision which was then notified to the DPC.

“This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of 225 million euro on WhatsApp,” a DPC statement said.

“In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.”

The Irish DPC is the lead supervisor of GDPR rules in the EU, because a large number of firms, including Facebook, WhatsApp and others, have their European headquarters based in Dublin.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in