WhatsApp could face €50 million GDPR fine

The messaging service failed to adequately inform users about how their data would be shared with Facebook

WhatsApp faces a fine of up to €50 million (roughly £44 million) for violations of GDPR in a preliminary judgement reached by the Irish data protection regulator and forwarded to European counterparts for review.

Under the Irish Data Protection Commission’s (DPC’s) draft findings, WhatsApp failed to live up to transparency requirements, and therefore might receive one of the largest GDPR penalties to date, according to Politico.

The preliminary ruling was made over a case in which WhatsApp was accused of not properly informing its EU users about how it would share their data with Facebook.

The judgement was determined in December 2020 before it was sent to fellow European data regulators to assess and agree upon. 

The penalty could fall in the region of between €30 million and €50 million while WhatsApp may be required to change how it handles user data, according to Politico. Once ratified, this would be the second judgement the Irish DPC will have made under the one-stop-shop principle.

Under this principle, multinational companies with potential violations that are cross-border in nature will be investigated by a lead supervisory authority on behalf of the wider EU. In this case, and in the case of many other tech companies, Irish regulators are nominated as the lead authority given these companies are based in Ireland.

Twitter was the first company the Irish DPC fined under the one-stop-shop principle for breaching GDPR rules. The firm was ordered to pay €450k (approximately £409,000) for alerting the watchdog to a series flaw on its platform nearly two weeks after its discovery. This constituted a violation because GDPR defines a clear disclosure window of 72 hours for potential breaches or security incidents.

The latest case against WhatsApp is just one of several investigations the Irish DPC currently has on the go. As of February 2020, the Irish DPC was looking into 21 potential violations by multinational tech companies, including Facebook, Google and Tinder. The cases have since continued to rack up, including a probe against Facebook-owned Instagram after children were given the option to switch to a public-facing business account.

Many of these investigations have been ongoing for months and years, with several expected to come to a conclusion in 2021, much like the probe against WhatsApp.

The messaging service has, incidentally, come under fire recently for a controversial privacy update in which users were being asked to share their data with Facebook to continue using the service. Following widespread online criticism, and a shift among users to alternative platforms, WhatsApp delayed the controversial update for businesses.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022