IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WhatsApp fined €225 million over obscure data sharing policies

This finalised penalty is almost five times larger than the draft fine the Irish data regulator issued in December 2020

WhatsApp has been hit with a €225 million (approximately £193 million) GDPR fine for a lack of transparency in the way the service shares user data.

The penalty, which has been issued by the Irish Data Protection Commission (DPC) and approved by the European Data Protection Board (EDPB), is several times higher than the €50 million (roughly £43 million) draft fine the Irish data regulator issued in December last year.

Following a two-year investigation, WhatsApp was found to have been unclear about the way it had processed and shared data with Facebook, as well as between WhatsApp and other Facebook-owned companies.

Specifically, the investigation found that WhatsApp violated Article 14 of GDPR, which states that data controllers must provide data subjects with sufficient information about the way data is collected and processed.

The provisional €50 million fine, issued under the one-stop-shop principle, was submitted to the Irish regulator's European counterparts for approval once it was issued. Ireland’s data watchdog was chosen as the lead supervisory authority because WhatsApp is headquartered in the country.

After eight of its counterparts raised a dispute, the EDPB issued a binding decision in July with a “clear instruction” for the Irish DPC to increase its provisional fine.

Related Resource

Reinvention starts with cloud migration of your data infrastructure

Explore why the most efficient way forward is data-driven

Whitepaper cover with orange and grey coloured blocks and data graphicFree download

The regulator subsequently raised the level of its draft fine several times higher, alongside issuing requirements for WhatsApp to take steps to improve its GDPR compliance.

A summary published by the EDPB found the GDPR Article 14 infringements were “very serious in nature” and “severe in gravity”, with these violations amounting “to a high degree of negligence”.

WhatsApp has branded the fine “entirely disproportionate”, and claims it will appeal the penalty.

“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so," a WhatsApp spokesperson said. "We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision." 

This fine is likely to be the first of many the regulator will issue against Facebook and its subsidiaries, with the regulator currently working through a backlog of cases against big tech firms. The regulator is also investigating more than 10 complaints against Facebook-owned companies alone.

This is the biggest GDPR fine issued to date, although it might soon be dwarfed if a provisional €746 million (approximately £637 million) fine issued by Luxembourg’s regulator against Amazon is finalised.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022