WhatsApp, owned by Facebook, is being censored in China as the Communist Party congress begins.
Jaap Arriens | NurPhoto | Getty Images
Facebook-owned WhatsApp has received a record € 225 million ($ 267 million) fine from Ireland’s data watchdog for breaching EU data privacy rules.
The Irish Data Protection Commission said on Thursday that WhatsApp did not adequately inform EU citizens about its data.
The regulator said WhatsApp was unable to inform Europeans of how its personal information is collected and used, as well as how WhatsApp shares data with Facebook.
It has ordered the platform, which is used by 2 billion people worldwide, to adjust its privacy policies and how it communicates with users to comply with European privacy legislation. As a result, WhatsApp may need to extend its privacy policy, which some users and companies have already criticized for being too long and complex.
A WhatsApp spokesman told CNBC that the company plans to appeal the decision.
“WhatsApp is committed to providing a private and secure service,” they said. “We have worked to ensure that the information we provide is transparent and complete and will continue to do so.”
“We do not agree with today’s decision on transparency that we provided to the people in 2018 and the sanctions are completely disproportionate,” the spokesman added.
In a FAQ on its website, WhatsApp claims to share phone numbers, transaction data, business interactions, mobile device information, IP addresses and other information with Facebook. However, it does not share personal conversations, location data, or call logs.
The WhatsApp fine is the heaviest penalty imposed by the Irish regulator for breaches of the European Data Protection Regulation (GDPR).
The RGPD requires companies to be clear and direct about how they use customer data.
The legislation, passed in April 2016 and implemented since 2018, replaced an earlier law called the Data Protection Directive and aims to harmonize rules across the EU bloc of 28 countries.
Some critics argue that EU regulators have been too slow to impose the law and impose sanctions on Big Tech for breaching it.
In July, the Luxembourg data regulator fined Amazon 746 million euros for breaching the RGPD’s rules on the use of consumer data in advertising. The Luxembourg National Data Protection Commission said Amazon’s personal data processing did not comply with the GDPR.
Elsewhere, Google received a € 50 million fine from France’s privacy regulator, CNIL, in 2019 for breaches of GDPR ads. CNIL said it had imposed the fine for “lack of transparency, inadequate information and lack of valid consent on the personalization of ads.”