WhatsApp fined €225 million for breaching EU privacy law

It's the second-largest fine ever handed out under the GDPR

Ireland's Data Protection Commission (DPC) has issued Facebook-owned WhatsApp a financial penalty of €225 million (about £193 million) for breaching European data privacy rules.

The data watchdog announced the decision on Thursday, noting that the messaging platform did not properly inform EU citizens about how it handles their personal data. The company also failed to tell users how it shares the information it collects with its parent company.

The DPC has ordered WhatsApp to tweak its privacy policy and change how it communicates with users about sharing their data with other firms.

The DPC's investigation began in December 2018, after the EU's GDPR came into force. The DPC says it examined 'whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp's service'.

Under European law, the Irish DPC acts as the lead regulator in cross-border data privacy cases dealing with Facebook and other tech firms with their European headquarters in Dublin.

The GDPR requires companies to be transparent with their customers about how they use customer data.

WhatsApp states in an FAQ on its website that it shares users' phone numbers, mobile device information, IP addresses, transaction data, business interactions and other information with Facebook.

It says it does not share location data, call logs or personal conversations with its parent firm.

In a statement to CNBC, a WhatsApp spokesperson said that the company is committed to providing a secure and private service to its users, and has worked over the years to ensure that the information provided to users is "transparent and comprehensive".

"We disagree with the decision today regarding the transparency we provided to people in 2018, and the penalties are entirely disproportionate," they added.

The company plans to appeal the decision.

This fine is the second-largest ever handed out under GDPR regulations.

In July this year, Luxembourg's data regulator gave Amazon a record €746 million (£635 million) fine for breaching EU privacy laws. Amazon said at the time that the decision was 'without merit' and that it would appeal the ruling.

In April this year, the DPC launched an inquiry into Facebook over a data leak that allegedly exposed the personal details of about 533 million users.

If the DPC finds Facebook guilty, the company could face a financial penalty of up to four per cent of its $86 billion (£62 billion) global revenue.