WhatsApp Sanctioned with €5.5 Million Over Enforcing Data-Processing Update
The Fine Was Imposed by Irish Authorities in Alignment with Data Protection Laws.
On Thursday, 19 January 2023, The Irish Data Protection Commission (DPC) announced a fine of €5.5 million for WhatsApp over breaking privacy laws when handling users’ private information.
Why the Fine Was Issued?
The issue of the fine is an update dating from May 2018, just days before the General Data Protection Regulation (GDPR). In that update for WhatsApp’s Terms of Service, users were summoned to agree to the new terms, otherwise they will lose access to the messaging platform.
NOYD, a privacy non-profit organization, filed the complaint cautioning that WhatsApp breached data protection laws by compelling its users to “consent to the processing of their personal data for service improvement and security” and “making the accessibility of its services conditional on users accepting the updated Terms of Service”, according to The Hacker News.
Adding to the fine, DPC urged the messaging application to comply with the law in the next six months, considering the data collected so far as a contravention of GDPR rules.
Not a Total Win
But this investigation does not refer to the use of the collected data for advertising.
MYOB criticized the Irish authorities for it, saying that WhatsApp has access to a lot of details that can be used for targeted ads.
WhatsApp says it’s encrypted, but this is only true for the content of chats – not the metadata. WhatsApp still knows who you chat with most and at what time. This allows Meta to get a very close understanding of the social fabric around you. Meta uses this information to, for example, target ads that friends were already interested in.
This is why NOYB addressed the European Data Protection Board (EDPB), explaining that the fine has been miscalculated with about €4 billion less by DCP not taking into consideration the revenues made from breaching GDPR.
We are astonished how the DPC simply ignores the core of the case after a 4.5 year procedure. The DPC also clearly ignores the binding decision of the EDPB. It seems the DPC finally cuts loose all ties with EU partner authorities and with the requirements of EU and Irish law.
A String of Mistakes
This comes after Meta was fined with €110 million, in 2017, by the E.U for offering false information during the investigation about the acquisition of WhatsApp that took place in 2014.
The current penalty follows another fine issued by DPC for Meta: a €390 million fine for its manipulation of user data for delivering tailored adverts.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.