Facebook-owned WhatsApp was just slapped with a whopping €225 million fine in Ireland, for breaking data protection rules.
Ireland’s Data Protection Commission (DPC) issued the fine, because WhatsApp Ireland failed to provide necessary data protection information to users and failed to meet is transparency obligations. This is the largest fine ever issued by the DPC and the second largest ever imposed on an organization under the EU’s data protection laws.
The ruling states that WhatsApp: failed to process user data in a lawful, fair and transparent way; failed to provide information on how data is collected “in a concise, transparent, intelligible and easily accessible form, using clear and plain language”; failed to inform users where their data was stored, details of someone they can contact, and purposes of collected data and who receives it; failed to inform users when their personal data was obtained and processed from third parties and where this data came from.
This all started in 2018, and back in July at a meeting of the European Data Protection Board the DPC was instructed to reassess and increase its initially proposed fine. Based on that, the €225 million number was arrived at.
WhatsApp says the fine is “entirely disproportionate” and it is going to appeal. A spokesperson for the company said in a statement that the issues in question related to policies in place in 2018, adding that “WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so”.