Facebook’s WhatsApp was fined a record €225 million by the Irish data protection regulator today after the European Union privacy watchdog pressured Ireland to raise the penalty for the company’s privacy breaches.
WhatsApp said the fine was “entirely disproportionate” and that it would appeal. The Irish fine is significantly less than the record €746 million fine handed down to Amazon by the EU in July.
Ireland’s Data Privacy Commissioner, the lead data privacy regulator for Facebook within the European Union, said the issues related to whether WhatsApp conformed in 2018 with EU data rules about transparency.
“This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies,” the Irish regulator said.
A WhatsApp spokesman said that the issues in question related to policies in place in 2018 and the company had provided comprehensive information.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” the spokesman added.
Max Schrems, the Austrian privacy campaigner , who has taken on Facebook in several privacy cases, said the initial fine was €50 million.
The European Data Protection Board, the EU’s privacy watchdog, said it had given several pointers to the Irish agency in July to address criticism from its peers for taking too long to decide in cases involving large technology groups and for not fining them enough for any breaches.
It said a WhatsApp fine should take into account Facebook’s turnover and that the company should be given three months instead of six months to comply.
Europe’s landmark privacy rules, known as GDPR, are finally showing some teeth even if the lead regulator for some tech groups appears otherwise, Ulrich Kelber, Germany’s federal commissioner for data protection and freedom of information, said.
“What is important now is that the many other open cases on WhatsApp in Ireland are finally decided on so that we can take faster and longer strides towards the uniform enforcement of data protection law in Europe,” he said.
Data regulators from eight other European countries triggered a dispute resolution mechanism after Ireland shared its provisional decision in relation to the WhatsApp inquiry, which started in December 2018.
In July, a meeting of the European Data Protection Board issued a “clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained”, the Irish regulator said.
“Following this reassessment the DPC has imposed a fine of €225 million on WhatsApp.”
The Irish regulator also reprimanded and ordered WhatsApp to bring its processing into compliance by taking “a range of specified remedial actions”.
The Irish regulator had 14 major inquiries into Facebook and its subsidiaries WhatsApp and Instagram open as of the end of last year.