As of Thursday the 2nd of September 2021, Facebook-owned messenger app WhatsApp has been handed a record-setting fine by Ireland’s Data Protection Commission (DPC), to the jaw-dropping sum of €225 million (R3.8 billion). The fine comes following the DPCs three-year-long investigation into the messaging platform’s controversial privacy practices.
WhatsApp’s chickens come home to roost
The Guardian reports that this is the largest fine the DPC has ever handed out, and is also the second-largest fine ever thrown at a Big Tech company under EU laws.
The DPC reportedly alleges that WhatsApp has “severe[ly]” violated several areas of the general data protection regulation (GDPR), a wholistic policy concerned with data privacy and transparency. In particular, the DPC claims that the messaging giant has failed to provide adequate information to users regarding the processing of their information across Facebook’s platforms. According to the DPC, WhatsApp only provided 41% of the data it should be giving to its users.
Moreover, non-WhatsApp users whose messages were forwarded to its platform received no information of such occurrences, let alone exactly what information of theirs had been shared, which the DPC says is a violation of their right to control over their personal information.
The DPC apparently initially proposed a fine against WhatsApp for these same violations last year, a (in comparison) modest fee of €30 to €50 million. Several EU data regulators weren’t happy with that number and deferred to the European Data Protection Board, which instructed the Irish DPC to reassess its findings and come up with a more appropriate (higher) fine.
Along with the fine, WhatsApp has also been ordered to amend its GDPR violating practices. The platform reportedly finds the fine disproportionate and plans to appeal it. No surprises there.