The Irish Data Protection Commission (DPC) has issued a € 225 million fine to WhatsApp for breaching EU GDPR rules. The fine is linked to an investigation started in 2018 on the lack of transparency on the processing of user data.
In a press release relating to its decision, the Irish DPC notes:
“The Data Protection Commission (DPC) announced today the conclusion of a GDPR investigation conducted on WhatsApp Ireland Ltd. The DPC investigation began on 10 December 2018 and examined whether WhatsApp has fulfilled its GDPR transparency obligations in this regard. the provision of information and the transparency of such information for both users and non-users of the WhatsApp service. This includes information provided to data subjects on the processing of information between WhatsApp and other Facebook companies “.
The press release also mentions how the DPC’s draft decision on the December 2020 investigation received objections from eight concerned supervisory authorities (CSAs). A BBC report reveals that the CSAs had expressed their disagreement with the Irish regulator over which articles of the GDPR WhatsApp had breached and how the regulator calculated the proposed € 30-50 million fine, which was subsequently re-evaluated in 225 million.
In response to the fine, a WhatsApp spokesperson shared the following statement:
“We have worked to ensure that the information we provide is transparent and complete and will continue to do so. We disagree with today’s decision on transparency that we provided to people in 2018 and the penalties are totally disproportionate. “
