Ireland’s Data Protection Commission (DPC) has announced that it’s fining WhatsApp €225 million due to violations of GDPR which came into force across the European Union several years ago. Today’s decision is the end of an investigation that began on December 10, 2018, and took several twists and turns in the period since.
The investigation set out to seek whether WhatsApp had met its transparency obligations under GDPR which require it to supply requested information to both users and non-users of its service.
Following a comprehensive investigation, the DPC provided its draft report to all Concerned Supervisory Authorities (CSAs) in December 2020 where objections were received from eight of the CSAs. The DPC and the CSAs were unable to come to a consensus on the issue which triggered a dispute resolution process on June 3, 2021.
At the end of July, the European Data Protection Board told DPC to reassess and increase its proposed fine; the new fine WhatsApp will now face is €225 million. The DPC has also ordered WhatsApp to bring its data processing into compliance with GDPR rules.
The latest fine from Europe should act as a reminder to companies that they must strictly adhere to GDPR rules when operating in EU countries. At the time of writing, Facebook’s stock price had fallen 0.77%.