Ireland’s privacy watchdog has fined WhatsApp a record 225 million euros ($267 million) after an investigation found it breached stringent European Union data protection rules on transparency about sharing people’s data with other Facebook companies.
The Data Protection Commission said Thursday that it was also ordering WhatsApp to take “remedial actions” so that its data processing complies with the EU rules. WhatsApp said the fine was out of proportion and it would appeal the decision.
The watchdog’s announcement wraps up an investigation into the Facebook-owned messaging service that opened in December 2018, after the EU rules, known as General Data Protection Regulation, or GDPR, took effect. It’s the second penalty – and the biggest – issued by the Irish watchdog under GDPR. Last year it fined Twitter 450,000 euros for a security breach.
“WhatsApp is committed to providing a secure and private service,” the company said in a press statement. “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”
The commission said the case examined whether Facebook followed GDPR requirements to be transparent for both users and those who didn’t use its service, including how people’s data is processed between WhatsApp and other Facebook companies.
Under GDPR, the Irish watchdog acts as the lead regulator in cross-border data privacy cases for WhatsApp and many other big tech companies that have their European headquarters in Dublin.