Ireland’s Data Protection Commission on Thursday fined Facebook-owned messaging service WhatsApp a record €225 million ($267 million).
The privacy watchdog increased an existing fine for breaking data protection law after European regulators complained it had been too lenient
Why was the Irish regulator involved?
Ireland is the home of the regional headquarters of a number of major tech players — including Apple, Facebook, Google and Twitter.
As a result, the Data Protection Commission has been largely responsible for policing adherence to GDPR.
The agency launched the WhatsApp probe in December 2018 to examine whether WhatsApp “discharged its GDPR transparency obligations” when it came to telling users how their data would be used.”
This included details about how the information would be processed between WhatsApp and other Facebook companies.
The agency originally submitted its initial decision to other European regulators, whose approval is required, in December 2020.
However, it received objections from eight of them and was asked to “reassess and increase its proposed fine on the basis of a number of factors… and following this reassessment the DPC has imposed a fine of 225 million euro on WhatsApp.”
The fine is the second penalty — and the biggest — to be issued by the Irish regulator under the EU’s landmark GDPR data rights charter.
It fined Twitter €450,000 for a security breach last year.
The DPC also ordered WhatsApp to take “remedial actions” so that its data processing would adhere to EU law. The company said it was already making sure that procedures were transparent.
“WhatsApp is committed to providing a secure and private service,” the company said in a press statement.
“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.”
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”