Popular messaging platform WhatsApp was fined a record €225 million ($267 million) on Thursday by Ireland’s data privacy watchdog for breaching EU data protection rules.
The Data Protection Commission (DPC) Thursday handed down the penalty on the Facebook-owned messaging service after a three-year investigation that found WhatsApp committed “severe” and “serious” violations of the EU’s General Data Protection Regulation.
“This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB's decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp,” the commission said in a statement.
“In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.”
The commissioner of the investigation, Helen Dixon, said WhatsApp provided only 41% of prescribed information to users and non-users, who primarily used other Facebook-owned services such as Messenger and Instagram and received no information on how their data would be used.
The service is guilty of violating four “very serious” infringements of the protection regulation, according to Dixon, who argued that such infringements go against the general principle of transparency and the fundamental rights of the individual to protect themselves against personal data breaches.
WhatsApp contested the ruling, calling the fine “entirely disproportionate” and argued that the company is committed to providing a secure service to its users.
“WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.” it said.
The investigation, launched in December 2018, examined whether WhatsApp had let go of its GDPR transparency obligations regarding the provision of information and transparency of that information to users and non-users of the service.