WhatsApp fined $267 million for not being clear enough about how it uses data

It is the second largest fine following the $888 million levied against Amazon in July

Adam Smith
Thursday 02 September 2021 15:57
Comments
IRLANDA WHATSAPP
IRLANDA WHATSAPP
Leer en Español

WhatsApp has been hit with a fine of €225 million ($266 million) for privacy beaches by the European Union’s privacy watchdog.

Ireland’s Data Privacy Commissioner (DPC) investigated a potential GDPR violation by WhatsApp in 2018, regarding whether the messaging company was sufficiently transparent to users and non-users about data processed by its parent company Facebook and other related companies.

These concerns are not about data sharing itself, but rather WhatsApp’s transparency with users about how data is shared.

The watchdog states that WhatsApp violated a range of articles in the GDPR legislation.

As TechCrunch summarises, this includes 5(1)(a); 12, 13 and 14. These relate to regulation that personal data be processed fairly and transparently, that companies must spell out their legitimate interests in collecting user data, and that when data obtained from sources other than the user they must be informed of what that source is, how it is processed, and the categories of personal data obtained, among other regulations.

This includes, for example, WhatsApp uploading the phone numbers of non-users if one user has consented to the messaging platform having access to their contacts.

As well as this fine, WhatsApp has been ordered to update its privacy policy and change how it notifies users about data sharing. It must do this within three months.

A WhatsApp spokesperson told The Independent that it will appeal the decision, saying that it is “committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.

“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate”.

The fine, which is the second biggest levied to date following Amazon’s $888 million penalty in July 2021, showed the EU’s complex consistency and dispute resolution processes at work”, John Magee, Head of DLA Piper’s Privacy, Data Protection and Security practice in Ireland, told The Independent.

“An eye-catching aspect of that process was the increase in the size of the fine from a range of €30m-€50m first proposed by the DPC”, he continued. In July 2021, the European Data Protection Board (EDPB) told the DPC to reassess its conclusion and increase the proposed fine. This “highlights the importance of compliance with the GDPR’s rules on transparency in the context of users, non-users and data sharing between group entities”, Magee said.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in