WhatsApp, a subsidiary of Facebook Inc., was fined 225 million euros ($266 million) for failing to be honest about how it handled personal data, the company’s first fine under the European Union’s new data privacy law.
The Irish Data Protection Commission, Europe’s top Silicon Valley privacy watchdog, identified flaws in WhatsApp’s explanations of how it handled data from users and non-users, as well as how data was transferred between WhatsApp and other Facebook firms.
Authorities can penalise corporations up to 4% of their annual revenue under the three-year-old GDPR statute. The laws entrust oversight to watchdogs headquartered in a company’s selected EU center. However, the Irish regulator has come under fire for taking too long to close at least 28 privacy investigations into internet companies including Apple Inc. and Alphabet Inc.’s Google.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” a WhatsApp spokesperson said. “We will appeal this decision.”
The Irish regulator also stated that the messaging service will be required to take corrective action in order to bring their data processing communication in line with the law. Making it clearer how users can file a complaint with a supervisory authority is one example of this. Aljazeera reported.
In November, WhatsApp said in an Irish regulatory filing that it had set aside 77.5 million euros to cover potential fines stemming from at least two investigations by Ireland’s data protection authority.
In a statement released Thursday, the European Data Protection Board, a group of EU data authorities, said it advocated for a greater privacy fine for WhatsApp, which led to Ireland’s penalty.
The Irish watchdog’s first draft of the fine judgment was derailed by various concerns from EU peers, including “the appropriateness of the intended corrective actions.”
The sanction comes as WhatsApp faces increased scrutiny over policy changes it announced in January. After a backlash from users and regulators about what data the messaging service collects and how it distributes that information with its parent Facebook, it was forced to postpone the makeover until May.
The European Data Protection Board, a body of EU authorities, stated in July that the Irish privacy watchdog should investigate Facebook’s activities related to WhatsApp data “as a matter of priority.”