IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WhatsApp could face €50 million GDPR fine

The messaging service failed to adequately inform users about how their data would be shared with Facebook

WhatsApp faces a fine of up to €50 million (roughly £44 million) for violations of GDPR in a preliminary judgement reached by the Irish data protection regulator and forwarded to European counterparts for review.

Under the Irish Data Protection Commission’s (DPC’s) draft findings, WhatsApp failed to live up to transparency requirements, and therefore might receive one of the largest GDPR penalties to date, according to Politico.

The preliminary ruling was made over a case in which WhatsApp was accused of not properly informing its EU users about how it would share their data with Facebook.

The judgement was determined in December 2020 before it was sent to fellow European data regulators to assess and agree upon. 

The penalty could fall in the region of between €30 million and €50 million while WhatsApp may be required to change how it handles user data, according to Politico. Once ratified, this would be the second judgement the Irish DPC will have made under the one-stop-shop principle.

Under this principle, multinational companies with potential violations that are cross-border in nature will be investigated by a lead supervisory authority on behalf of the wider EU. In this case, and in the case of many other tech companies, Irish regulators are nominated as the lead authority given these companies are based in Ireland.

Twitter was the first company the Irish DPC fined under the one-stop-shop principle for breaching GDPR rules. The firm was ordered to pay €450k (approximately £409,000) for alerting the watchdog to a series flaw on its platform nearly two weeks after its discovery. This constituted a violation because GDPR defines a clear disclosure window of 72 hours for potential breaches or security incidents.

The latest case against WhatsApp is just one of several investigations the Irish DPC currently has on the go. As of February 2020, the Irish DPC was looking into 21 potential violations by multinational tech companies, including Facebook, Google and Tinder. The cases have since continued to rack up, including a probe against Facebook-owned Instagram after children were given the option to switch to a public-facing business account.

Many of these investigations have been ongoing for months and years, with several expected to come to a conclusion in 2021, much like the probe against WhatsApp.

The messaging service has, incidentally, come under fire recently for a controversial privacy update in which users were being asked to share their data with Facebook to continue using the service. Following widespread online criticism, and a shift among users to alternative platforms, WhatsApp delayed the controversial update for businesses.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022