The Facebook-owned messaging service, WhatsApp has been fined a record €225mln by Ireland’s data watchdog for breaching EU data privacy rules, according to CNBC.
Ireland’s Data Protection Commission said Thursday that WhatsApp did not tell citizens in the European Union enough about what it does with their data.
The regulator said WhatsApp failed to tell Europeans how their personal information is collected and used, as well as how WhatsApp shares data with Facebook.
A WhatsApp spokesperson told CNBC that the company plans to appeal the decision.
“WhatsApp is committed to providing a secure and private service. (…) We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so,” said the spokesperson.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” the spokesperson added.
In an FAQ on its website, WhatsApp states that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses and other information with Facebook. It does not, however, share personal conversations, location data or call logs.
The WhatsApp fine is the largest penalty that the Irish regulator has handed out for violations of Europe’s General Data Protection Regulation (GDPR).
GDPR requires that companies are clear and upfront about how they use customer data.
The legislation was approved in April 2016 and was enforced since 2018. It replaced a previous law called the Data Protection Directive and is aimed at harmonizing rules across the 28-nation EU bloc.
Some critics argue that EU regulators have been too slow to impose the law and issue penalties on Big Tech for failing to comply.
In July, Luxembourg’s data regulator fined Amazon €746mln for breaching GDPR rules around the use of consumer data in advertising. The Luxembourg National Commission for Data Protection said Amazon’s processing of personal data did not comply with GDPR.
Google was fined €50mln by France’s privacy regulator, CNIL, in 2019 for GDPR ad violations. CNIL said it had levied the fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization”.