The Republic of Ireland’s Data Protection Commission (DPC) imposed a record €225 million fine on Facebook’s WhatsApp for failures around transparency in how it handled users’ personal information, following a probe which began in 2018.
The DPC acts as Facebook’s lead regulator in the EU. In a statement it explained a lengthy and comprehensive investigation had found issues with how WhatsApp had processed users and non-users’ data, and whether the company had been compliant with the bloc’s GDPR obligations.
“This includes information provided to data subjects about processing of information between WhatsApp and other Facebook companies,” the DPC stated.
The fine is the largest to date by the Irish regulator, which added it had also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance “by taking a range of specified remedial actions”.
In response, WhatsApp argued the issues DPC found related to policies which were in place in 2018 and pledged to appeal the “disproportionate” fine.
“WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so”.
Under current GDPR rules, violations can result in fines of up to 4 per cent of a company’s global revenue.
Reuters reported DPC had 14 major probes into Facebook and subsidiaries WhatsApp and Instagram open at the end of 2020.