WhatsApp could face €50 million GDPR fine

The messaging service failed to adequately inform users about how their data would be shared with Facebook

WhatsApp faces a fine of up to €50 million (roughly £44 million) for violations of GDPR in a preliminary judgement reached by the Irish data protection regulator and forwarded to European counterparts for review.

Under the Irish Data Protection Commission’s (DPC’s) draft findings, WhatsApp failed to live up to transparency requirements, and therefore might receive one of the largest GDPR penalties to date, according to Politico.

The preliminary ruling was made over a case in which WhatsApp was accused of not properly informing its EU users about how it would share their data with Facebook.

The judgement was determined in December 2020 before it was sent to fellow European data regulators to assess and agree upon. 

The penalty could fall in the region of between €30 million and €50 million while WhatsApp may be required to change how it handles user data, according to Politico. Once ratified, this would be the second judgement the Irish DPC will have made under the one-stop-shop principle.

Under this principle, multinational companies with potential violations that are cross-border in nature will be investigated by a lead supervisory authority on behalf of the wider EU. In this case, and in the case of many other tech companies, Irish regulators are nominated as the lead authority given these companies are based in Ireland.

Twitter was the first company the Irish DPC fined under the one-stop-shop principle for breaching GDPR rules. The firm was ordered to pay €450k (approximately £409,000) for alerting the watchdog to a series flaw on its platform nearly two weeks after its discovery. This constituted a violation because GDPR defines a clear disclosure window of 72 hours for potential breaches or security incidents.

The latest case against WhatsApp is just one of several investigations the Irish DPC currently has on the go. As of February 2020, the Irish DPC was looking into 21 potential violations by multinational tech companies, including Facebook, Google and Tinder. The cases have since continued to rack up, including a probe against Facebook-owned Instagram after children were given the option to switch to a public-facing business account.

Many of these investigations have been ongoing for months and years, with several expected to come to a conclusion in 2021, much like the probe against WhatsApp.

The messaging service has, incidentally, come under fire recently for a controversial privacy update in which users were being asked to share their data with Facebook to continue using the service. Following widespread online criticism, and a shift among users to alternative platforms, WhatsApp delayed the controversial update for businesses.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Four tips for keeping your business secure during mass remote work
data protection

Four tips for keeping your business secure during mass remote work

19 Feb 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

2 Feb 2021
10 ways to protect your company from the next big data breach
data breaches

10 ways to protect your company from the next big data breach

28 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021