The Irish digital authority on Thursday announced a fine of 225 million euros ($ 267 million) to WhatsApp mobile messaging following an investigation requested by the European data protection body following the changes in its use of personal information.
It is the largest sanction imposed by the Irish regulator and the second largest by a digital regulator in Europe, following the € 746 million fine imposed on Amazon in July in Luxembourg for breaching users ’private information rules.
The investigation into WhatsApp, initiated by the Irish DPC data protection commission in December 2018, sought to determine whether this app “complied with its transparency obligations” in terms of informing users of how its data would be used.
This included reporting on how information is shared between WhatsApp and other companies in the Facebook group, which owns this popular mobile messaging app.
As a result of this investigation, the DPC “has imposed a fine of 225 million euros on WhatsApp,” the body announced in a statement, calling on the Facebook subsidiary to comply with European Union data protection regulations .
The Irish regulator has jurisdiction in this case given that the American digital giant Facebook has its European headquarters in that country.
The EU’s General Data Protection Regulation (RGPD), in force since 2018, gives regulators greater power to protect consumers from digital giants such as Facebook, Google, Apple and Twitter, which, attracted by favorable tax treatment, they have chosen Ireland as their headquarters.
The RGPD allows regulators to fine these groups up to 4% of overall turnover.
– WhatsApp will appeal “disproportionate” sanctions –
“WhatsApp is committed to providing a secure and private service. We have worked to ensure that the information we provide is transparent and complete and we will continue to do so,” a WhatsApp spokesman reacted in a brief statement.
“We do not agree with today’s decision on the transparency we provide to people in 2018 and the sanctions are totally disproportionate,” he stressed, noting that the company will appeal this decision.
After receiving the first conclusions from the Irish authority, the European regulator, which federates 27 national European data protection authorities, called in July for “new investigations quickly” and an increase in the proposed sanctions.
At the urging of the German regulator following controversial changes to the conditions of use of mobile messaging, the European body wanted more information about the use that Facebook intended to make of the data of its subsidiaries. In particular, on the possibilities of crossing linked to the use of unique identifiers.
In its decision, the DPC noted “very serious breaches” of transparency and a “very significant lack of information” provided to the user.
“Failure to comply with the principle of transparency could undermine other fundamental principles of data protection,” including “the principles of fairness and accountability,” the Irish regulator noted.
Complaints against Facebook and other digital giants are on the rise in Europe, although some oenages accuse the Irish regulator of being too complacent, as Ireland benefits from the tax revenues of multinationals based in the country.
The DPC “had proposed an initial fine of 50 million euros and was forced by other European authorities to increase it to 225 million euros,” said in a statement Max Schrems, a prominent figure in the fight for protection of personal data and founder of the oenage “None of your business” (“It’s none of your business”).