The Irish Data Protection Commission (DPC) has imposed a fine of 225 million euros on WhatsApp for disregarding and violating data protection conditions from the GDPR. Since WhatsApp belongs to the Facebook Group, which is headquartered in Ireland, the authorities there are responsible for data protection violations by WhatsApp.
This is the result of a survey that started three years ago, when the GDPR came into force. Accordingly, the conditions that are being criticized are those as of 2018.
The Irish authority had originally Fine of 50 million euros However, following investigations by other European authorities, this had to be increased.
The fine is accompanied by a warning to WhatsApp to adapt its data collection to the requirements of the GDPR. In particular, the provision of information and the transfer of personal data between WhatsApp and other Facebook companies and their insufficient transparency is reprimanded. For example, WhatsApp has not provided users with enough information about how data from WhatsApp is processed within the Facebook group.
In the past, the Irish data protection authority was rather known for conducting inadequate investigations or remaining completely inactive and was therefore much criticized. There have even been various disputes at the European level with the management of the authority.
According to the DPC's original opinion, this penalty against WhatsApp should also be lower and even the penalty now imposed is only around 0.08 % of the Facebook group's turnover, while the GDPR fines and penalties up to an amount of 4 % of turnover. The criticism of the Irish data protection authority by data protectionists therefore remains.
Nevertheless, this fine is the second highest ever imposed under the GDPR, after the one imposed on Amazon in Luxembourg in July this year (€746 million).
WhatsApp itself reacted to the imposition of the fine by announcing that it would appeal the decision before the Irish Supreme Court or the European Court of Justice. WhatsApp wants to justify this by arguing that it is disproportionate, as the Irish data protection authority has never imposed such a high fine before. Considering the fact that WhatsApp has only 77.5 Millions of euros for potential fines the Group was also quite surprised by the record fine. WhatsApp also affirmed that it has always made its privacy policy as transparent as possible and will continue to do so.
English 
Deutsch 
Español 
Français 
Polski