Ireland’s data watchdog ruled against Facebook-owned WhatsApp. The most popular messaging app has been fined a record 225 million euros ($267 million) by the country’s Data Protection Commission for violating EU data privacy rules. According to the commission, WhatsApp did not tell citizens in the European Union enough about what it does with the data.
WhatsApp and its customers
The company’s spokesperson stated that the company plans to appeal the decision. It disagrees with the decision made by the regulator. The company also thinks that the penalties are entirely disproportionate. It is understandable that WhatApp is not happy with the decision. A $267 million fine is the largest penalty that the Irish regulator imposed for violating Europe’s GDPR.
The EU adopted General Data Protection Regulations or GDPR several years ago. GDPR replaced a previous law called the Data Protection Directive. The purpose of GDPR is to harmonize rules across the 28-nation EU bloc. It requires that companies are clear and up front about how they use customer data.
People have the ability to learn more about WhatsApp and its policies. They have to visit the FAQ section on its website. The company states that it shares phone numbers, transaction data, IP addresses, and other information with its parent company. But it does not share personal conversations, location data or call logs with Facebook.
Ireland is not alone as other countries are also trying to enforce GDPR. This summer, Luxembourg’s data regulator fined Amazon 746 million euros for violating GDPR rules. The country’s National Commission for Data Protection said the company’s processing of personal data didn’t comply with GDPR.
In 2019, France’s privacy regulator CNIL fined Google for GDPR ad violations. The privacy regulator said it imposed the fine for lack of transparency and inadequate information. It also mentioned a lack of valid consent regarding ads personalization. Two privacy groups filed complaints against Google in 2018. They claimed the company did not have a legal basis to process user data for ad personalization, as mandated by the GDPR.