WhatsApp could face €50 million GDPR fine

The messaging service failed to adequately inform users about how their data would be shared with Facebook

WhatsApp faces a fine of up to €50 million (roughly £44 million) for violations of GDPR in a preliminary judgement reached by the Irish data protection regulator and forwarded to European counterparts for review.

Under the Irish Data Protection Commission’s (DPC’s) draft findings, WhatsApp failed to live up to transparency requirements, and therefore might receive one of the largest GDPR penalties to date, according to Politico.

The preliminary ruling was made over a case in which WhatsApp was accused of not properly informing its EU users about how it would share their data with Facebook.

The judgement was determined in December 2020 before it was sent to fellow European data regulators to assess and agree upon. 

The penalty could fall in the region of between €30 million and €50 million while WhatsApp may be required to change how it handles user data, according to Politico. Once ratified, this would be the second judgement the Irish DPC will have made under the one-stop-shop principle.

Under this principle, multinational companies with potential violations that are cross-border in nature will be investigated by a lead supervisory authority on behalf of the wider EU. In this case, and in the case of many other tech companies, Irish regulators are nominated as the lead authority given these companies are based in Ireland.

Twitter was the first company the Irish DPC fined under the one-stop-shop principle for breaching GDPR rules. The firm was ordered to pay €450k (approximately £409,000) for alerting the watchdog to a series flaw on its platform nearly two weeks after its discovery. This constituted a violation because GDPR defines a clear disclosure window of 72 hours for potential breaches or security incidents.

The latest case against WhatsApp is just one of several investigations the Irish DPC currently has on the go. As of February 2020, the Irish DPC was looking into 21 potential violations by multinational tech companies, including Facebook, Google and Tinder. The cases have since continued to rack up, including a probe against Facebook-owned Instagram after children were given the option to switch to a public-facing business account.

Many of these investigations have been ongoing for months and years, with several expected to come to a conclusion in 2021, much like the probe against WhatsApp.

The messaging service has, incidentally, come under fire recently for a controversial privacy update in which users were being asked to share their data with Facebook to continue using the service. Following widespread online criticism, and a shift among users to alternative platforms, WhatsApp delayed the controversial update for businesses.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Four tips for keeping your business secure during mass remote work
data protection

Four tips for keeping your business secure during mass remote work

19 Feb 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

2 Feb 2021
10 ways to protect your company from the next big data breach
data breaches

10 ways to protect your company from the next big data breach

28 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
Oxford University COVID lab falls victim to hackers
hacking

Oxford University COVID lab falls victim to hackers

26 Feb 2021
Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021