WhatsApp fined €225M over GDPR issues

The Irish Data Protection Commission has fined WhatsApp €225 million over data sharing transparency for European Union users’ data with Facebook.

The Irish Data Protection Commission has fined WhatsApp €225 million for the lack of transparency on how it shares European Union users’ data with Facebook companies.

The instant messaging company violated the actual General Data Protection Regulation (GDPR).

“The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into WhatsApp Ireland Ltd. The DPC’s investigation commenced on 10 December 2018 and it examined whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service. This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.” reads the announcement published by the Irish Data Protection Commission.

The Irish Data Protection Commission is currently investigating more than two dozen big tech companies. 

WhatsApp considers the fine disproportionate because it has already complied with transparency requirements years ago, the company pointed out it was “committed to providing a secure and private service.”

“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.” said WhatsApp.

The Irish agency is also asking the company to bring the data sharing in compliance with the GDPR.

The Irish agency initially proposed a €50 million fine for WhatsApp ($59.3 million) for violating GDPR, but under the pressure of other European Agencies, such as the German one, it decided to increase the fine.

Recently another tech giant, Amazon, faced a record $888 million fine over GDPR violation.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, GDPR)

[adrotate banner=”5″]

[adrotate banner=”13″]