Data Protection & Privacy

Irish DPC fines WhatsApp €225 million over GDPR violation

The Irish Data Protection Commission (DPC) has fined Facebook-owned WhatsApp €225 million ($266 mn, £193 mn) over General Data Protection Regulation (GDPR) violation. This is the second-largest fine under the EU’s privacy rules. Previously in August, Luxemburg’s data protection authority slapped a record €746 million fine on Amazon.

A WhatsApp spokesperson told Reuters the fine was “entirely disproportionate” and that it would appeal. The penalty is much larger than the initial €50 million (£43 million) fine issued by the DPC in December last year.

In July this year, the European Data Protection Board (EDPB) met after eight DPCs raised objections to the initial fine. Subsequently, the EDPB issued a binding decision and instructed the Irish DPC to reassess and increase its proposed fine.

The Investigation and the Order

The investigation began in December 2018. The task before the DPC was to examine if WhatsApp discharged its transparency obligations under the GDPR – providing sufficient information to both users and non-users of its services, including information regarding how it processed and shared data with Facebook and other Facebook-owned firms.

The DPC arrived at a conclusion that WhatsApp did not clearly tell EU subjects about how it collects and uses their personal data. As such, it found WhatsApp to be in contravention of Article 14 of the GDPR. The Article provides that data controllers must provide data subjects with adequate information about how they gather and process data.

A summary published by the EDPB found the infringement to be very serious in nature. It amounts to “a high degree of negligence,” it said.

Pay the Fine, and Comply

Besides the fine, the DPC has given WhatsApp three months to clearly communicate its data collection and usage policies to the data subjects, in accordance with GDPR. This includes clearly informing non-users that their phone numbers may be uploaded to the app by their contacts.

You can read a copy of the decision here.

Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.

Rajat Chawda

Rajat is a student at the Institute of Law, Nirma University. Since a young age, he was fascinated by the technological advancements and his fascination with gadgets has helped him develop a keen interest in TMT Laws in his journey as a law student. He is associated with Mylawrd to further engage himself and learn in this area.

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.