Executives at Facebook were handed some bad news on Thursday by the Irish Data Protection Commission (DPC).

The DPC ruled on Thursday that WhatsApp will be fined 225m euros (£193m or $267m) by Ireland’s data watchdog for breaching data processing regulations, after pressure from the EU privacy watchdog to increase its initial fine.

The DPC said the fine came after an investigation that had “commenced on 10 December 2018 and it examined whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service.”

WhatsApp fine

Concerns have been ongoing for years, and stem from when Facebook acquired WhatsApp in 2014.

Soon after that acquisition, the messaging app modified its terms of service, informing users it would share their data with its new parent.

That didn’t sit well with European watchdogs, and the move spurred a number of regulatory actions against Facebook in Europe.

And now the Irish DPC has reached its conclusion about the matter.

“On 28 July 2021, the European Data Protection Board (EDPB) adopted a binding decision and this decision was notified to the DPC,” the Irish regulator said. “This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp.”

The Irish DPC took the lead in this case because WhatsApp’s owner, Facebook, has its EU headquarters in Ireland.

The DPC had originally proposed to fine WhatsApp between 30 to 50m euros, but the EDPB told the DPC to increase the fine, which it has now done.

And the DPC was not finished there.

“In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions,” it said.

Large fine

The 225 euro fine is the largest fine ever from the Irish Data Protection Commission, and it is the second-highest fine issued under EU GDPR rules.

The largest ever EU GDPR fine came last month, when Luxembourg’s National Commission for Data Protection fined Amazon 746 million euros (£637m or $886.6m) over alleged violations of GDPR privacy law relating to advertising data.

Amazon is contesting that penalty.

Meanwhile it is understood that the Irish regulator had 14 major inquiries into Facebook and its subsidiaries WhatsApp and Instagram open as of the end of last year.

This particular case however centres around regulatory disapproval of WhatsApp failing to tell Europeans how their personal information is collected and used, as well as how WhatsApp shares data with Facebook.

Facebook is likely to fight this DPC ruling in the courts, which could take years.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago