Site navigation

WhatsApp Faces £193m Fine for Violating Data Sharing Practices

David Paul


WhatsApp Social app firm WhatsApp has been fined for abusing privacy legislation after supposedly hiding how its data sharing practices.
The fine, doled out in Ireland, is one of the largest penalties for GDPR abuses after WhatsApp failed to inform users of how it shared data with parent company Facebook.

WhatsApp is facing a substantial fine for abusing privacy legislation after failing to properly reveal how it shared data with Facebook.

Ireland’s Data Protection Commission (DPC) slapped the company with the €225 million (£193m) fine, which is one of the most substantial ever handed out for a GDPR violation.

The DPC said that WhatsApp’s owner Facebook did not tell EU users enough about what the company does with their data.

According to a statement by the DPC, investigations began in December 2018 and examined whether WhatsApp had “discharged its GDPR transparency obligations” with regard to information and the transparency “to both users and non-users” of WhatsApp’s service.

The Irish data watchdog said this includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.

In conclusion to the investigation, the DPC said it would impose the €225m fine, as well as a ‘reprimand’, with an order for WhatsApp to “bring its processing into compliance”, by immediately taking actions to change its practices.

The conclusion comes after the DPC released a draft decision in January on its EU investigation into the transparency of data-sharing between WhatsApp and Facebook.

A WhatsApp spokesperson said that the company plans to appeal the decision.

In a statement, they said: “WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.

“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

The WhatsApp fine is the second-highest handed out under current EU GDPR rules, which came into force in 2018. The rules allow regulators to fine firms up to 4% of their annual revenue if user data is mishandled.

It was revealed earlier this week that the Information Commissioner Office in the UK has seen a record 1,580% increase in GPDR fines handed out between 2020 and 2021. The rise has been driven by large, high-profile fines handed to firms like British Airways and the Marriott Hotel chain.


In mid-April this year, the DPC announced an investigation into a Facebook data breach which saw hundreds of millions of users affected.

A statement by the Watchdog claimed it was in “close contact” with Facebook Ireland, “raising queries in relation to GDPR compliance”.

WhatsApp has already been hit with trouble over previous data policies on its platform. Earlier this year, the firm was handed a complaint by the European Consumer Organisation (BCEU) over claims it unfairly pressured users to accept its new privacy policy.

The BCEU said that WhatsApp used “persistent, recurrent and intrusive notifications” to push users to accept the updated privacy policy which put users pressure on its users, infringing their freedom of choice and breaching the EU Directive on Unfair Commercial Practices.

David Paul

Staff Writer, DIGIT

Latest News

%d bloggers like this: