WhatsApp faces a $267 million fine; do you know why?
It’s been a long time coming, but Facebook is finally feeling some heat from Europe’s much-trumpeted data protection regime: Ireland’s Data Protection Commission (DPC) has just announced a €225 million (~$267 million) fine for WhatsApp.
The Facebook-owned messaging app has been under investigation by the Irish DPC, its lead data supervisor in the European Union, since December 2018 — several months after the first complaints were fired at WhatsApp over how it processes user data under Europe’s General Data Protection Regulation (GDPR), once it began being applied in May 2018.
Despite receiving several specific complaints about WhatsApp, the investigation undertaken by the DPC that’s been decided today was what’s known as an “own volition” inquiry — meaning the regulator selected the parameters of the investigation itself, choosing to fix on an audit of WhatsApp’s “transparency” obligations.
WhatsApp faces a $267 million fine
WhatsApp isn’t just catching flak from users over its data sharing with Facebook. The Financial Times reports the Irish Data Protection Commission has fined WhatsApp €225 million ($266 million) for not sharing enough details of how it shares European Union users’ data with Facebook. The messaging service.
The Commission additionally stated the data sharing itself violated GDPR. WhatsApp was merely storing “pseudonymous” cellphone quantity data, as an example, quite than actually anonymizing it. Moreover, while the numbers had been saved utilizing lossy hashes, WhatsApp had the hash key that wanted to decrypt that data — it may tie that quantity to a selected particular person if needed.
The ruling requested WhatsApp to enhance its transparency and produce data sharing consistent with the GDPR. The Irish company initially deliberately fined WhatsApp €50 million ($59.3 million) for breaking GDPR; however, it hiked the punishment after Germany. Different nations accused the Commission of being lenient on privateness violations.
WhatsApp is unsurprisingly deliberate to attract the choice. It claimed that it met transparency necessities in 2018 (round when the investigation started) and that the fines had been “entirely disproportionate.” Furthermore, it maintained that it strived to supply “transparent and comprehensive” data to customers.
The ruling requires WhatsApp to increase transparency and make data sharing in line with GDPR. The Irish agency originally planned to impose a fine of 50 million euros ($59.3 million) on WhatsApp for violating the GDPR, but after Germany and other countries accused the committee of lenient treatment of privacy violations, the penalties were increased.
As expected, WhatsApp plans to appeal this decision. It claimed that it met the transparency requirements in 2018 (approximately at the beginning of the investigation) and that the fine was “completely disproportionate.” It insists that it strives to provide users with “transparent and comprehensive” information.
The fine is the latest in a series of penalties for violations of technology giants. Amazon faces A record fine of US$888 million. In July, due to GDPR issues, Twitter was ordered to pay 450 million euros ($533.6 million) for failing to report a data breach within 72 hours. In contrast, WhatsApp’s fine is light, although it can be said to be Coping with greater recoil. Its data policy.
The Bottom Line
Ireland’s Data Protection Commission originally sought a €50 million fine, which would have been the same amount Google was penalized in 2019 for breaking GDPR requirements. However, other European data regulators disagreed with the initial penalty and demanded Ireland’s DPA raise the amount even further.
Despite the punishment, European privacy activist Max Schrems expects the case will continue to grind away in Irish appeals courts for years before any penalty is actually paid. According to Schrems, the real problem is that Ireland’s Data Protection Commission has been far too slow in prosecuting GDPR violations.
“The DPC gets about ten thousand complaints per year since 2018, and this is the first major fine,” he said in a statement.
“It will be exciting to see if the DPC will actually defend this decision fully, as it was basically forced to make this decision by its European counterparts. However, I can imagine that the DPC will not put many resources on the case or ‘settle’ with WhatsApp in Ireland,” he added.