Sep 2, 2021
Laura Berrill

WhatsApp fined $267 million in EU privacy breach

Data
Analytics
Cybersecurity
Technology
WhatsApp has been fined record $267 million for breaching EU privacy rules

WhatsApp, owned by Facebook, has been fined a record 225 million euros ($267 million) by Ireland’s data watchdog for breaching EU data privacy rules.

Ireland’s Data Protection Commission said today WhatsApp did not tell citizens in the European Union enough about what its data is used for and what it does with it.

Allegations of a failure to disclose

The regulator said WhatsApp had failed to tell other Europeans how their personal information is collected and used - as well as how WhatsApp shares data with the other social media giant, Facebook.

It has ordered the platform, used by two billion people worldwide, to tweak its privacy policies and how it communicates with users so that it complies with Europe’s privacy law. As a result of this, WhatsApp may have to expand its privacy policy, which already some users and companies have criticised for being overly long and complex.

A WhatsApp spokesperson has said the company plans to appeal.

The statement said: “WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.”

It went on: “We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

No revelation of personal data, says WhatsApp

WhatsApp states on its website that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses and other information with Facebook. It says it does not share personal conversations, location data or call logs.

The WhatsApp fine is the largest penalty that the Irish regulator has handed out for violations of Europe’s General Data Protection Regulation, or GDPR.

The legislation — approved in April 2016 and enforced since 2018 — replaced a previous law called the Data Protection Directive and is aimed at harmonizing rules across the 27-nation EU bloc.

Some critics argue that EU regulators have been too slow to impose the law and issue penalties on Big Tech for failing to comply.

 

Share article