WhatsApp fined €225 million over obscure data sharing policies

This finalised penalty is almost five times larger than the draft fine the Irish data regulator issued in December 2020

WhatsApp has been hit with a €225 million (approximately £193 million) GDPR fine for a lack of transparency in the way the service shares user data.

The penalty, which has been issued by the Irish Data Protection Commission (DPC) and approved by the European Data Protection Board (EDPB), is several times higher than the €50 million (roughly £43 million) draft fine the Irish data regulator issued in December last year.

Following a two-year investigation, WhatsApp was found to have been unclear about the way it had processed and shared data with Facebook, as well as between WhatsApp and other Facebook-owned companies.

Specifically, the investigation found that WhatsApp violated Article 14 of GDPR, which states that data controllers must provide data subjects with sufficient information about the way data is collected and processed.

The provisional €50 million fine, issued under the one-stop-shop principle, was submitted to the Irish regulator's European counterparts for approval once it was issued. Ireland’s data watchdog was chosen as the lead supervisory authority because WhatsApp is headquartered in the country.

After eight of its counterparts raised a dispute, the EDPB issued a binding decision in July with a “clear instruction” for the Irish DPC to increase its provisional fine.

Related Resource

Cloud migration of your data infrastructure

Explore why the most efficient way forward is data-driven

Rows of blue lights in a tunnel -whitepaper from AWSFree download

The regulator subsequently raised the level of its draft fine several times higher, alongside issuing requirements for WhatsApp to take steps to improve its GDPR compliance.

A summary published by the EDPB found the GDPR Article 14 infringements were “very serious in nature” and “severe in gravity”, with these violations amounting “to a high degree of negligence”.

WhatsApp has branded the fine “entirely disproportionate”, and claims it will appeal the penalty.

“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so," a WhatsApp spokesperson said. "We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision." 

This fine is likely to be the first of many the regulator will issue against Facebook and its subsidiaries, with the regulator currently working through a backlog of cases against big tech firms. The regulator is also investigating more than 10 complaints against Facebook-owned companies alone.

This is the biggest GDPR fine issued to date, although it might soon be dwarfed if a provisional €746 million (approximately £637 million) fine issued by Luxembourg’s regulator against Amazon is finalised.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
The technology powering the future of shopping
Technology

The technology powering the future of shopping

16 Sep 2021