WhatsApp Receives Fine Worth $267m for Breaching EU’s Data Privacy Law

Ireland’s Data Protection Commission has stated that WhatsApp failed to inform EU citizens sufficiently about what the company does with their data.

Ireland’s data protection watchdog has fined Facebook-owned messaging application, WhatsApp, a record 225 million euros ($267 million) for breaching the EU’s data privacy rules.

On Thursday, 2nd September, Ireland’s Data Protection Commission announced that WhatsApp did not inform EU citizens enough about what it does with their data.

The regulator says WhatsApp failed to tell Europeans how their personal information is collected and used by the company, nor did it inform the end-users regarding its data-sharing criteria with Facebook.

The platform, used by over 2 billion individuals worldwide, has been ordered by the watchdog to strengthen its privacy policies and the way it communicates with users to ensure it complies with Europe’s privacy law. Consequently, WhatsApp may have to expand its privacy policy, which some customers and companies have already criticized for being too long and complex.

On the other side, a WhatsApp spokesperson told CNBC that the company plans to appeal the penalty. 

WhatsApp says it will appeal. “We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” a spokesman said.

— Sam Schechner (@samschech) September 2, 2021

In the FAQ section on WhatsApp’s website, the company states that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses and other information with Facebook. It says it does not share personal conversations, location data or call logs.

The $267 million fine levied on WhatsApp is the largest penalty that the Irish authorities have handed out for breaching Europe’s General Data Protection Regulation.

GDPR mandates companies to clearly inform and remain upfront with customers about how they use their data.

Back in 2019, France’s privacy regulators CNIL fined Google 50 million euros for GDPR ad violations. CNIL said it had charged the fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization.”

Suggested Read: Online Privacy, Security & Inclusivity in a Digital World: Congress Hearing 2021