News

WhatsApp Receives Fine Worth $267m for Breaching EU’s Data Privacy Law

Richard Marley
September 03, 2021
2 minutes read
152

Ireland’s Data Protection Commission has stated that WhatsApp failed to inform EU citizens sufficiently about what the company does with their data.

Ireland’s data protection watchdog has fined Facebook-owned messaging application, WhatsApp, a record 225 million euros ($267 million) for breaching the EU’s data privacy rules.

On Thursday, 2nd September, Ireland’s Data Protection Commission announced that WhatsApp did not inform EU citizens enough about what it does with their data.

The regulator says WhatsApp failed to tell Europeans how their personal information is collected and used by the company, nor did it inform the end-users regarding its data-sharing criteria with Facebook.

The platform, used by over 2 billion individuals worldwide, has been ordered by the watchdog to strengthen its privacy policies and the way it communicates with users to ensure it complies with Europe’s privacy law. Consequently, WhatsApp may have to expand its privacy policy, which some customers and companies have already criticized for being too long and complex.

On the other side, a WhatsApp spokesperson told CNBC that the company plans to appeal the penalty.

WhatsApp says it will appeal. “We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” a spokesman said.

— Sam Schechner (@samschech) September 2, 2021

In the FAQ section on WhatsApp’s website, the company states that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses and other information with Facebook. It says it does not share personal conversations, location data or call logs.

The $267 million fine levied on WhatsApp is the largest penalty that the Irish authorities have handed out for breaching Europe’s General Data Protection Regulation.

GDPR mandates companies to clearly inform and remain upfront with customers about how they use their data.

Back in 2019, France’s privacy regulators CNIL fined Google 50 million euros for GDPR ad violations. CNIL said it had charged the fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization.”

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Increasing Incidents of Fraud Becoming a Threat to UK’s National Security: UK Finance
Automated systems prevented approximately 736 million pounds ($1 billion) from being stolen through fraudulent means in the first half of 2021.

According to a Reuters report published on Wednesday (Sept. 22), UK Finance has stated that the rising incidents of fraud observed in the e-commerce and online banking sector since the start of the COVID-19 pandemic are slowly becoming “a national security threat”.

The banking industry lobby group UK Finance said that government-backed schemes have become a need of the hour to counter the rising financial crime threats.

Government-coordinated action is needed as criminals have shifted their focus to exploit weaknesses outside the banking system, according to UK Finance’s latest fraud report which covers the first half of 2021.

Read more here: https://t.co/kiWNaBxmjt pic.twitter.com/8b4N6xgafS

— UK Finance (@UKFtweets) September 22, 2021

In the first half of 2021, criminals stole nearly 754 million pounds ($1.03 billion) through bank fraud. This amount represents a 30% rise in bank-related fraud compared to the same time period in 2020, reveals a UK Finance report.

Among the rising fraud schemes was Authorized Push Payment (APP) fraud, whereby customers make payments to criminals, thinking they are legitimate entities. APP fraud went up by 71% in 2021, the report said, moving ahead of card-based fraud for the first time.

Additionally, the UK Finance’s report shows 70% of APP scams were based online and highlighted a rise in the number of online ads that seek individuals as young as 14 to turn them into so-called “money mules” for illegal activities.

The banking group asserted the need for government action through a planned Online Safety Bill, which currently does not include online ads.

“The level of fraud in the U.K. is such that it is now a national security threat,” said Katy Worobec, Managing Director for economic crime at UK Finance, in the report. “The banking sector cannot solve this on its own.”

The report further encouraged the use of automated solutions for combating financial crime, stating that bank security systems prevented approximately 736 million pounds ($1 billion) from being stolen through fraudulent means in the first half of 2021.

Last week, the Financial Conduct Authority stated that the UK lost about 570 million pounds ($778 million) in investment fraud through April 2021, an amount that makes three times the 2018 total.

Suggested Read: UK Exposed to Significant Trade-based Money Laundering Risks Post-Brexit

Recent Posts

Blog
The State of KYC/AML Compliance in Commonwealth of Independent States (CIS) Region
Commonwealth of Independent States (CIS) is among the largest regions of the world with numerous opportunities for businesses. However, the crime rate in the region is significantly high, so CIS holds many threats for the corporate sector as well. Different reports reveal that companies higher risks associated with their customer onboarding process. Not paying attention to improving the procedures and ineffectively complying with the regulations may lead to high penalties or total seizure of business activities. Given the high ratio of fraudulent activities and rigid KYC/AML requirements, countries in this region have to structure top-notch customer onboarding processes. Otherwise, fines will continue to increase.

This blog highlights key aspects of the customer onboarding procedures that must be robust enough to screen every entity accurately along with the regulatory landscape in the CIS region.

What is CIS?

The CIS or Commonwealth of Independent States is an intergovernmental organization that oversees the economic and political situation in the 11 post-Soviet republics, including Belarus, Armenia, Kazakhstan, Kyrgyzstan, Azerbaijan, Russia, Moldova, Uzbekistan, Tajikistan, Turkmenistan, and Ukraine. Previously, Georgia was also a member of the CIS.

A Glimpse of the Regulatory Landscape in CIS

Complying with the AML and data protection regulations is mandatory for every business operating in the CIS region. However, the degree of compliance depends upon the region of registration of businesses. If a company is registered in the CIS region, the regulatory requirements are significantly higher tha companies registered in any other part of the world.

For international businesses, it may be convenient to develop a single onboarding process. However, companies have to consider CIS-specific laws before stepping into the region with the same procedure. Otherwise, this will lead to hefty non-violation penalties for not complying with the CIS regulations. For example, Russian authorities have the authority to restrict business operations as a result of data breaches. In some cases, fines may be imposed of up to 18 m RUB (approximately 240,000 dollars).

Regional Specifics Hindering the Customer Onboarding Process

Certain regional issues also become a problem for businesses while developing the perfect customer onboarding process. Here are the top five regional specifics that demand utmost attention from the relevant authorities:

Politics

Screening of this region’s customers against sanction lists must be a priority for businesses due to the large number of blacklisted entities that launder money abroad. The FinCEN files also revealed that wealthy officials from post-Soviet states laundered billions through major banks worldwide. Andriy Klyuyev, advisor to the former Ukrainian President, was also among them. The guilty was sanctioned in the EU in 2014 but continued laundering money through American banks until 2015.

High Risk of Fraud

The CIS region demands robust KYC checks due to the high rate of fraud in the region. The largest financial companies are not safe from perpetrators. Last year, a Moldovan politician was probed for stealing USD 1 billion from three largest banks in Moldova.

Document Language

Do you know a majority of the CIS states use non-Latin writing systems like the Armenian scripts? During verification, extracting and processing data from identity documents takes most of the time and effort. Therefore, businesses in the region need an AI-powered Optical Character Recognition (OCR) software that can extract data and convert it into non-Latin or machine-readable language in no time.

Data Protection Rules

Businesses must store all the information of end-users on servers in Uzbekistan, Kazakhstan and Russia. For instance, a company in the United States onboarding customers from Russia cannot store information in the US.

Limited AML Coverage

AML service providers in this region have limited coverage since they do not have access to local databases. To ensure secure customer onboarding, businesses must ensure their vendor has access to all databases.

Developing the Perfect Onboarding Process with Shufti Pro

Given all the challenges and concerns in the customer onboarding process, Shufti Pro’s identity verification solutions help businesses onboard legitimate entities only. Let’s take a look at how the CIS region can benefit from the globally acclaimed customer onboarding process.

Document Verification

The government-issued identity documents are verified for manipulation. The system checks the name, number, blood group, hair colour, residence, place of birth, citizenship, tax number, health number, birth certificate number, and employment details. The document is validated for forgery and tampering in three easy steps; capture, extract, and screen.

Shufti Pro’s document verification supports 3000+ document types in more than 150 languages and employs AI-backed OCR software to extract data from the ID documents.

Face Verification

To ensure the live presence of the customer and prevent spoof attacks, face verification checks are performed. The customer uploads a selfie during verification which is matched with the image on the ID document uploaded earlier. Liveness detection, 3D mapping, microexpression analysis, and skin texture analysis are some checks performed for a foolproof face verification.

Background Checks

All customers are screened against 1700+ global watchlists including sanctions and PEPs. Background screening identifies high-risk entities enabling businesses to carry out necessary due diligence checks.

Key Takeaways

To sum up, the Commonwealth of Independent States (CIS) region has the highest rate of fraud, as compared to other parts of the world. From sophisticated fraud techniques to regulatory limitations for overseas businesses, there are several reasons behind the exponentially high fraud statistics. To make sure these activities do not increase, the customer onboarding process in every organisation must be robust enough to filter bad actors before they become a problem. Considering the challenges in this region, Shufti Pro’s globally acclaimed customer onboarding process is what companies need for seamless operations in Commonwealth of Independent States. AI-driven document verification, face verification, and anti-money laundering (AML) screening assists in legitimate customer onboarding.

Want to know how our solutions work? Get our 7-day free trial right away!

Try Now

WhatsApp Receives Fine Worth $267m for Breaching EU’s Data Privacy Law

A Glimpse of the Regulatory Landscape in CIS

Regional Specifics Hindering the Customer Onboarding Process

Politics

High Risk of Fraud

Document Language

Data Protection Rules

Limited AML Coverage

Developing the Perfect Onboarding Process with Shufti Pro

Document Verification

Face Verification

Background Checks

Key Takeaways

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.

WhatsApp Receives Fine Worth $267m for Breaching EU’s Data Privacy Law

What is CIS?

A Glimpse of the Regulatory Landscape in CIS

Regional Specifics Hindering the Customer Onboarding Process

Politics

High Risk of Fraud

Document Language

Data Protection Rules

Limited AML Coverage

Developing the Perfect Onboarding Process with Shufti Pro

Document Verification

Face Verification

Background Checks

Key Takeaways

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.