DPC hits WhatsApp with record GDPR fine
The Data Protection Commission (DPC) has hit WhatsApp with a record 鈧225 million for breaches of its obligations under the EU鈥檚 GDPR data-privacy rules.
The watchdog has also reprimanded the Facebook-owned company, and has ordered it to bring its data-processing into compliance by taking 鈥渁 range of specified remedial actions鈥.
The DPC began its investigation in December 2018. The probe examined whether WhatsApp had provided enough information to users and non-users of its service 鈥 and whether that information had been transparent enough.
EDPB ruling
This included information provided to users about the processing of information between WhatsApp and other Facebook companies.
After its investigation, the DPC submitted a draft decision to other European data regulators in December 2020. After objections from eight of these regulators, and subsequent discussions, the DPC triggered the GDPR鈥檚 dispute-resolution process.
This led to in July by the European Data Protection Board (EDPB), which ordered the DPC to increase its fine.
'Eye-catching'
WhatsApp has indicated that it will appeal the ruling.
Data-law experts said the fine highlighted the importance of complying with GDPR rules on transparency for users, non-users, and the data-sharing between group entities.
John Magee (head of DLA Piper鈥檚 privacy, data-protection, and security practice in Ireland) said that the decision showed the EU鈥檚 鈥渃omplex consistency and dispute-resolution processes at work鈥,
鈥淎n eye-catching aspect of that process was the increase in the size of the fine, from a range of 鈧30m-鈧50m first proposed by the DPC,鈥 he added.