The Data Protection Commission (DPC) has fined WhatsApp Ireland €225m for infringements of data protection rules. The DPC in Ireland concluded its comprehensive GDPR investigation into WhatsApp Ireland. It is the largest fine ever imposed by the DPC. It is the second largest penalty ever levied on an organisation under EU data laws.
The investigation started in December 2018 and examined whether WhatsApp has ignored its GDPR transparency obligations. The DPC was particularly concerned with the sharing of information with other Facebook companies. The agency also examined the transparency of information provided to both users and non-users of WhatsApp’s service. This includes information provided to customers about the processing of data between WhatsApp and other Facebook companies.
On 28 July, the European Data Protection Board (EDPB) adopted a binding decision and notified the DPC. This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine. On the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp.
In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.
Enterprise Times: What this means for business?
WhatsApp Ireland Ltd parent company Facebook is expected to appeal the decision of the DPC Ireland. Facebook has not yet formally responded to the investigation. However, the fine of €225 million demonstrates that European regulators are taking their privacy responsibilities seriously. All businesses need to take note.
In the past, the Irish regulators were under increasing pressure from other European regulators and the European Parliament for failing to enforce GDPR rules on Big Tech. Furthermore, the Irish DPC has already faced a judicial review at Ireland’s High Court over its handling of its GDPR cases against Facebook. An estimated €272.5 million of fines were imposed for a wide range of infringements of EU’s data protection laws across all members in 2020.