WhatsApp fined €225 million over obscure data sharing policies

This finalised penalty is almost five times larger than the draft fine the Irish data regulator issued in December 2020

WhatsApp has been hit with a €225 million (approximately £193 million) GDPR fine for a lack of transparency in the way the service shares user data.

The penalty, which has been issued by the Irish Data Protection Commission (DPC) and approved by the European Data Protection Board (EDPB), is several times higher than the €50 million (roughly £43 million) draft fine the Irish data regulator issued in December last year.

Following a two-year investigation, WhatsApp was found to have been unclear about the way it had processed and shared data with Facebook, as well as between WhatsApp and other Facebook-owned companies.

Specifically, the investigation found that WhatsApp violated Article 14 of GDPR, which states that data controllers must provide data subjects with sufficient information about the way data is collected and processed.

The provisional €50 million fine, issued under the one-stop-shop principle, was submitted to the Irish regulator's European counterparts for approval once it was issued. Ireland’s data watchdog was chosen as the lead supervisory authority because WhatsApp is headquartered in the country.

After eight of its counterparts raised a dispute, the EDPB issued a binding decision in July with a “clear instruction” for the Irish DPC to increase its provisional fine.

Related Resource

Cloud migration of your data infrastructure

Explore why the most efficient way forward is data-driven

Rows of blue lights in a tunnel -whitepaper from AWSFree download

The regulator subsequently raised the level of its draft fine several times higher, alongside issuing requirements for WhatsApp to take steps to improve its GDPR compliance.

A summary published by the EDPB found the GDPR Article 14 infringements were “very serious in nature” and “severe in gravity”, with these violations amounting “to a high degree of negligence”.

WhatsApp has branded the fine “entirely disproportionate”, and claims it will appeal the penalty.

“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so," a WhatsApp spokesperson said. "We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision." 

This fine is likely to be the first of many the regulator will issue against Facebook and its subsidiaries, with the regulator currently working through a backlog of cases against big tech firms. The regulator is also investigating more than 10 complaints against Facebook-owned companies alone.

This is the biggest GDPR fine issued to date, although it might soon be dwarfed if a provisional €746 million (approximately £637 million) fine issued by Luxembourg’s regulator against Amazon is finalised.

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021

Most Popular

Looking beyond the obvious: What’s best for multi-cloud?
Sponsored

Looking beyond the obvious: What’s best for multi-cloud?

8 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021