WhatsApp was on Thursday fined €225 million ($266 million) by the Irish data protection regulator after the EU privacy watchdog pressured Ireland to raise the penalty for the company’s privacy breaches.
Ireland’s Data Privacy Commissioner (DPC), the lead data privacy regulator for Facebook within the European Union, said the issues related to whether WhatsApp conformed with EU data rules about transparency in 2018.
“This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies,” the Irish regulator said in a statement.
A WhatsApp spokesperson said in a statement that the issues in question related to policies in place in 2018, adding that the company had provided comprehensive information.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” the spokesperson said.
The spokesperson added that the company would appeal.
EU privacy watchdog, the European Data Protection Board, said it had given several pointers to the Irish agency in July to address criticism from its peers for taking too long to decide in cases involving tech giants and for not fining them enough for any breaches.
It said a WhatsApp fine should take into account Facebook’s turnover and that the company should be given three months instead of six months to comply.
Ulrich Kelber, Germany’s federal commissioner for data protection and freedom of information, said Europe’s landmark privacy rules, known as GDPR, are finally showing some teeth even if the lead regulator for some tech giants appears otherwise.
“What is important now is that the many other open cases on WhatsApp in Ireland are finally decided on, so that we can take faster and longer strides towards the uniform enforcement of data protection law in Europe,” he told Reuters.
Data regulators from eight other European countries triggered a dispute resolution mechanism after Ireland shared its provisional decision in relation to the WhatsApp inquiry, which started in December 2018.
In July, a meeting of the European Data Protection Board issued a “clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained.
“Following this reassessment the DPC has imposed a fine of 225 million euros on WhatsApp,”the Irish regulator said.
The Irish regulator also reprimanded and ordered WhatsApp to bring its processing into compliance by taking “a range of specified remedial actions.”
The Irish regulator had 14 major inquiries into Facebook and its subsidiaries-WhatsApp and Instagram-open as of the end of 2020.
Austrian privacy campaigner, Max Schrems, who has taken on Facebook in several privacy cases, said the initial fine was €50 million.
Schrems said he would monitor the company’s appeal closely.
“It is to be expected that this case will now be before the Irish courts for years and it will be interesting if the DPC is actively defending this decision before the vourts, as it was forced to make such a decision by its EU colleagues at the EDPB,” he said.