Contents:
The fine received by WhatsApp is the result of an inquiry that began in December 2018 after the privacy watchdog, the Data Privacy Commissioner (DPC), received several complaints about WhatsApp data processing operations from “individual data subjects” (both users and non-users).
According to the news publication BleepingComputer, throughout the investigation, Ireland’s DPC declared that they:
examined whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service.
This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.
In addition to the penalties, the Irish data protection authority ordered WhatsApp to put its processing in accordance with GDPR standards by implementing a series of specific remedial steps by a three-month deadline, and following objections that came from EU data regulators, the fine was tripled.
Following a lengthy and comprehensive investigation, the DPC submitted a draft decision to all Concerned Supervisory Authorities (CSAs) under Article 60 GDPR in December 2020. The DPC subsequently received objections from eight CSAs.
The DPC was unable to reach consensus with the CSAs on the subject-matter of the objections and triggered the dispute resolution process (Article 65 GDPR) on 3 June 2021. On 28 July 2021, the European Data Protection Board (EDPB) adopted a binding decision and this decision was notified to the DPC.
This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp.
WhatsApp Will Appeal the Decision
WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.
We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision.
The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) enforced a ban that was valid until the end of August after WhatsApp promoted account feature restrictions for those users that refused to give up control of their data so this could be shared with Facebook companies.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
