WhatsApp Ireland fined record €225m for GDPR breaches

2 Sep 2021

Image: © Jirapong/Stock.adobe.com

The decision concludes an investigation that began nearly three years ago looking at possible breaches in data and transparency regulations.

WhatsApp Ireland has today (2 September) been issued the largest ever fine by the Irish Data Protection Commission (DPC). The company is required to pay €225m for breaches in under the General Data Protection Regulation, or GDPR.

This follows a binding decision by the European Data Protection Board (EDPB) on 28 July which required the DPC to increase its proposed fines based on a number of factors.

It concludes the DPC’s investigation which began on 10 December 2018, shortly after the introduction of GDPR in Ireland.

The investigation examined whether WhatsApp complied with the GDPR’s transparency obligations in terms of providing information to both users and non-users of its service.

In December 2020, the DPC submitted a draft decision to other concerned supervisory authorities within Europe but eight of these rejected aspects of the draft.

As the DPC was unable to reach a consensus with these bodies, the draft was sent to the EDPB. This is how the DPC arrived at the record-breaking figure.

“This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision,” wrote the DPC.

“In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.”

WhatsApp has been under a magnifying glass throughout this year due to concerns surrounding GDPR. In July 2021, the EDPB submitted a request that the DPC conduct an investigation following a case taken by the data protection authority for the German state of Hamburg.

In May, the Commissioner for Data Protection and Freedom of Information in Hamburg had temporarily banned Facebook Ireland from processing personal data from WhatsApp for its own purposes.

Issues have been rampant since the start of 2021 when the messaging service planned to bring in new privacy updates in February. This was delayed until May, as WhatsApp said there was “a lot of misinformation causing concern and we want to help everyone understand our principles and the facts”.

Sam Cox is a journalist at Silicon Republic covering sci-tech news

editorial@siliconrepublic.com