Why WhatsApp to appeal $266 Million Fine for Breaching EU Privacy laws!

Why WhatsApp to appeal $266 Million Fine for Breaching EU Privacy laws!

Data Privacy Commissioner (DPC) of Ireland has exploited the Facebook-owned messaging platform WhatsApp with a $226 million administrative penalty for breaching the EU’s GDPR privacy rules after being unable to alert the users and non-users on what it does with their information.

EU data regulators can also impose maximum GDPR penalties of up to $24.3 million or around 4% of the violating associations’ yearly global turnover which is greater for breaching EU’s privacy protocols. The penalty pursues a researcher initiated in December 2018 after the information watchdog received multiple complaints from “individual data subjects” from both users and non-users relating to WhatsApp information processing activities.

Throughout the research, Ireland’s DPC “analyzed whether WhatsApp has discharged its GDPR transparency agreement with regard to the provision of data and the transparency of that information to both users and non-users of WhatsApp’s service.” “This also consists of information facilataed to data subjects about the processing of information between WhatsApp and other Facebook companies,” the manager explained.

WhatsApp’s fine reflects the violations the EU regulators found:

  • In respect of Article 5(1)(a) of the GDPR (a fine of $90 million)
  • In respect of Article 12 of the GDPR (a fine of $30 million)
  • In respect of Article 13 of the GDPR (a fine of $30 million)
  • In respect of Article 14 of the GDPR (a fine of $75 million)

On top of the fine, the Irish data watchdog also ordered WhatsApp to bring its processing into compliance with GDPR’s requirements by taking a range of specified remedial actions with a deadline that will expire in three months.

Fine Quartet after Challenges from the other EU data Handlers

Why-WhatsApp-appeal-266-Million-Fine-for-Breaching-EU-Privacy-laws-image1

What makes this fine stand out besides its size is the fact that eight other EU privacy regulators including Germany, France, Hungary, Italy, Portugal, Holland, and Poland decline the initial $50 million fine the Irish data privacy watchdog expected and ordered it to amend.

This led to the penalty being expanded by more than four times after the Irish watchdog was forced to consider all of WhatsApp’s violations when computing the amount of the fine.

“Pursuing a lengthy and broad research, the DPC provided a draft decision to all Concerned Supervisory Authorities (CSAs) under Article 60 GDPR in December 2020. Afterwards the DPC received objections from eight CSAs,” the Irish regulator said today.

“The DPC was not able to connect accord with the CSAs on the subject matter of the objections and triggered the dispute resolution process (Article 65 GDPR) on 3 June 2021. On 28 July 2021, the European Data Protection Board (EDPB) adopted a binding decision and this decision was notified to the DPC.     

That decision included a clear guideline that needed the DPC to reevaluate and boost its aimed penalty on the behalf of a number of factors included in the EDPB’s decision and pursuing this amendment the DPC has charged a penalty of $226.3 million on WhatsApp.

Whatsapp will Address the Decision

The company revealed in a statement “WhatsApp is devoted to facilitate a protected and private service. We have processed to make sure that the data we provide is transparent and comprehensive and will continue to do so.” “We are not agree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision.”

In May, the Hamburg Commissioner for Data Protection and Freedom of Information short for HmbBfDI banned Facebook from processing WhatsApp user data until the end of August after WhatsApp said it would restrict account features for users who refuse to give up control of their data and have it shared with Facebook companies.

After the ban, WhatsApp retracting on its plans stating that “given recent discussions with diffrent authorities and privacy experts, we want to make clear that we will not limit the functionality of how WhatsApp works for those who have not yet accepted the update.”

In related news, Amazon has also been hit with a record-breaking $746 million fine in July by the Luxembourg National Commission for Data Protection (CNPD) for GDPR violations regarding its targeted behavioral advertising, the largest ever fine issued by an EU data watchdog for GDPR violations.

Amazon also told our experts that it would appeal the decision as it “strongly diverged with the CNPD’s ruling.” “The decision relating to how we show customers relevant advertising depends on subjective and untested analysis of European privacy law and the expected fine is entirely out of proportion with even that interpretation.”

Leave a Reply