WhatsApp Gets €225 Million GDPR Fine

Irish Data Protection Commission (DPC) imposed a €225 million fine on Facebook’s WhatsApp for failures around transparency in how it handled users’ personal information. The fine is following a probe which began in 2018. DPC had 14 major probes into Facebook and subsidiaries WhatsApp and Instagram open at the end of 2020.

The DPC acts as Facebook’s lead regulator in the EU. In a statement it explained a lengthy and comprehensive investigation had found issues with how WhatsApp had processed users and non-users’ data, and whether the company had been compliant with the bloc’s GDPR obligations. “This includes information provided to data subjects about processing of information between WhatsApp and other Facebook companies,“ the DPC stated.

The fine is the largest to date by the Irish regulator, which added it had also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions. In response, WhatsApp argued the issues DPC found related to policies which were in place in 2018 and pledged to appeal the disproportionate fine. Under current GDPR rules, violations can result in fines of up to 4 percent of a company’s global revenue.