WhatsApp (the Facebook owned company) have been issued the second-largest fine of £193 million by the data protection commissioner, following an investigation into privacy regulations. WhatsApp have not been telling users how its data is shared with Facebook.
In addition to the fine, the office of the data protection commissioner (DPC) in Dublin has issued a ‘reprimand’ to WhatsApp and ordered it to bring its processing into compliance with EU standards.
The investigation began on 10/12/2018 and looked into whether WhatsApp had complied with its obligations under the EU’s GDPR regulation.
After Twitter was hit with a £386,000 penalty in 2020 over a security breach, WhatsApp’s fine is the second largest issued by the DPC. This has been one of the biggest fines relating to the General Data Protection Regulation.
The investigation into WhatsApp checked if they had met its transparency obligations around the provision of information to all. This included whether users had been provided with information about data sharing between WhatsApp and other Facebook companies.
WhatsApp said it disagrees with the decision, and the severity of the fine, and plans to appeal.
“WhatsApp is committed to providing a secure and private service,” a company spokesperson said.
‘We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.
‘We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.’
WhatsApp/Facebook has its EU headquarters is in Ireland, and the Irish regulator is the lead authority for the tech giant in Europe.
John Magee, Head of DLA Piper’s Privacy, Data Protection & Security practice in Ireland, commented: ‘The decision was not the DPC’s alone and showed the EU’s complex consistency and dispute resolution processes at work.
‘The fine highlights the importance of compliance with the GDPR’s rules on transparency in the context of users, non-users and data sharing between group entities.’
The increase in the size of the fine from a range of €30m-€50m first proposed by the DPC caught many people’s attention.
Read our last article on Microsoft ending Chromebook support for Office Android apps