WhatsApp Fined Record $266-Million for Data Breaches

Facebook-owned chat platform WhatsApp has been fined a record $266-million by an Irish data protection regulator for allegedly failing to uphold EU data rules around transparency in 2018, reports Reuters.

The initial fine was raised from 50-million euros ($42-million) to 225-million euros ($266-million) after the EU privacy watchdog pressured Ireland to raise the penalty for WhatsApp’s privacy breaches, according to Austrian privacy campaigner Max Schrems, who has taken on Facebook in several privacy cases already.

[Tweet “WhatsApp has been fined a record $266-million by an Irish data protection regulator for allegedly failing to uphold EU data rules around transparency in 2018.”]

WhatsApp has since called the fine “entirely disproportionate” and said that it would appeal. Other European countries have also sought to charge massive fines to tech powerhouses for alleged privacy breaches, in July the Luxembourg privacy agency meted out an $886.6-million fine to Amazon.

Ireland’s Data Privacy Commissioner (DPC), the lead privacy regulator for Facebook and its companies within the European Union said the fine was based around WhatsApp’s transparency to its data subjects.

“This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies,” the DPC said in a statement.

In a statement, WhatsApp said via a spokesperson that the transparency issues in questions related to policies in place three years ago in 2018, and that the company had indeed provided enough information to its users.

“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” the spokesperson said in the statement.

The Irish regulator also ordered WhatsApp to bring its processing into compliance through “a range of specified remedial actions.” The regulator had a total of 14 major inquiries into Facebook and its subsidiaries – WhatsApp and Instagram – open as of last year.

“It is to be expected that this case will now be before the Irish courts for years and it will be interesting if the DPC is actively defending this decision before the courts, as it was forced to make such a decision by its EU colleagues at the EDPB,” Schrems said.


The European Data Protection Board, the EU’s data privacy watchdog, said that it had given the Irish data agency “pointers” in July to address criticism the agency has been receiving from peers for taking too long to make decisions in cases involving tech giants, and for not fining these companies enough for breaches.

“What is important now is that the many other open cases on WhatsApp in Ireland are finally decided on so that we can take faster and longer strides towards the uniform enforcement of data protection law in Europe,” Ulrich Kelber, Germany’s federal commissioner for data protection and freedom of information said.

Europe has a much-discussed, landmark digital privacy policy, known as GDPR, which has been used to inform and influence other privacy policies across the world, like South Africa’s PoPIA.

By Luis Monzon
Follow Luis Monzon on Twitter
Follow IT News Africa on Twitter