WhatsApp is facing a substantial fine for abusing privacy legislation after failing to properly reveal how it shared data with Facebook.
Ireland’s Data Protection Commission (DPC) slapped the company with the €225 million (£193m) fine, which is one of the most substantial ever handed out for a GDPR violation.
The DPC said that WhatsApp’s owner Facebook did not tell EU users enough about what the company does with their data.
According to a statement by the DPC, investigations began in December 2018 and examined whether WhatsApp had “discharged its GDPR transparency obligations” with regard to information and the transparency “to both users and non-users” of WhatsApp’s service.
The Irish data watchdog said this includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.
In conclusion to the investigation, the DPC said it would impose the €225m fine, as well as a ‘reprimand’, with an order for WhatsApp to “bring its processing into compliance”, by immediately taking actions to change its practices.
The conclusion comes after the DPC released a draft decision in January on its EU investigation into the transparency of data-sharing between WhatsApp and Facebook.
A WhatsApp spokesperson said that the company plans to appeal the decision.
In a statement, they said: “WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”
The WhatsApp fine is the second-highest handed out under current EU GDPR rules, which came into force in 2018. The rules allow regulators to fine firms up to 4% of their annual revenue if user data is mishandled.
It was revealed earlier this week that the Information Commissioner Office in the UK has seen a record 1,580% increase in GPDR fines handed out between 2020 and 2021. The rise has been driven by large, high-profile fines handed to firms like British Airways and the Marriott Hotel chain.
- 5 of the biggest ICO fines ever issued
- Two thirds of internet traffic is now made up of bots
- Fintech Summit 2021 | Just two weeks to go
In mid-April this year, the DPC announced an investigation into a Facebook data breach which saw hundreds of millions of users affected.
A statement by the Watchdog claimed it was in “close contact” with Facebook Ireland, “raising queries in relation to GDPR compliance”.