WhatsApp has been fined a record $267 million for violating user privacy by exchanging data with other Facebook companies.
LONDON, UK — After an investigation, Ireland's data protection authority penalised WhatsApp a record 225 million euros ($267 million) for violating tough European Union data protection regulations on transparency about sharing people's data with other Facebook companies.
The Data Protection Commission also ordered WhatsApp to take "remedial procedures" to improve the way it communicates with users in order to comply with EU legislation, according to a statement released on Thursday. WhatsApp, which has a global user base of 2 billion people, said the fine was excessive and that it will fight the judgement.
The announcement by the watchdog brings to a close an inquiry into the Facebook-owned messaging app that began in December 2018, shortly after the EU's General Data Protection Regulation, or GDPR, went into force. It's the Irish watchdog's second – and most serious – penalty under GDPR. It punished Twitter 450,000 euros last year for a security infraction.
In a press release, WhatsApp stated, “WhatsApp is committed to offering a secure and private service.” “We've worked hard to make sure the information we provide is clear and thorough, and we'll keep doing so. We disagree with today's ruling on the transparency we offered in 2018, and the sanctions are completely disproportionate.”
WhatsApp has been chastised for its overly long and confusing privacy regulations, but the verdict could mean that they become even longer and more thorough.
The Irish authority serves as the lead regulator in cross-border data protection cases for WhatsApp and many other big internet companies with European headquarters in Dublin, according to GDPR.
The Irish fine is also the EU's second-largest under GDPR, after only Luxembourg's 746 million euro penalties to Amazon for data protection infractions in July.
A draught of the Irish judgement, which purportedly called for a 50 million euro fine, was circulated with authorities in other EU member states in order to consider their views. Eight national privacy watchdogs complained, indicating the complexities of cross-border privacy disputes and the backstage haggling required to resolve them. As a result, the case was forwarded to the EU's independent oversight body for GDPR, which increased the penalty to 225 million euros.
About a half-dozen more investigations into giant digital corporations like Google, Twitter, and Facebook are still active, including a second case involving WhatsApp, according to the Irish Data Protection Commission.