- Ireland’s Data Protection Commission said WhatsApp did not tell EU citizens what the company does with their data.
- A WhatsApp spokesperson told Businesshala that the company plans to appeal.
Facebook-owned WhatsApp has been fined a record 225 million euros ($267 million) by Ireland’s data watchdog for breaching EU data privacy rules.
data protection commission of ireland said on thursday WhatsApp did not tell EU citizens what it does with their data.
The regulator said WhatsApp failed to tell Europeans how their personal information is collected and used, as well as how WhatsApp shares data with Facebook.
A WhatsApp spokesperson told Businesshala that the company plans to appeal.
“WhatsApp is committed to providing a secure and private service,” the spokesperson said. “We have worked to ensure that the information we provide is transparent and comprehensive and will continue to do so.”
“We disagree with today’s decision regarding the transparency it provided to the people in 2018 and the penalties are completely inconsistent,” the spokesperson said.
In a FAQ on its website, WhatsApp has said that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses and other information with Facebook. It says it does not share personal conversations, location data or call logs.
The WhatsApp fine is the largest ever awarded by an Irish regulator for violating Europe’s General Data Protection Regulation.
GDPR requires that companies be clear and unambiguous about how they use customer data.
The law – approved in April 2016 and implemented from 2018 – replaced a previous law called the Data Protection Directive and aims to harmonize rules in the 27-nation EU bloc.
Some Critics’ argument That EU regulators are too slow to enforce the law and issue penalties on Big Tech for failing to comply.
In July, Luxembourg’s data regulator fined Amazon 746 million euros for violating GDPR rules around the use of consumer data in advertising. The Luxembourg National Commission for Data Protection stated that Amazon’s processing of personal data does not comply with GDPR.
elsewhere, Google was fined 50 million euros by France’s privacy regulator, CNIL, in 2019 for GDPR advertising violations. CNIL said it had imposed the fine for “lack of transparency, insufficient information and lack of valid consent with respect to personalization of advertisements”.
Correction: An earlier version gave the wrong number for the nations in the European Union. It’s 27.