Facebook Inc.’s WhatsApp was ordered to pay a €225 million ($266 million) penalty for failing to be transparent about how it handled personal information, its first fine under beefed-up European Union data protection law.
The Irish Data Protection Commission—Silicon Valley’s main privacy watchdog in Europe—said it found violations in the way WhatsApp explained how it processed users’ and non-users’ data, as well as how data was shared between WhatsApp and other Facebook companies.
The fine comes weeks after Amazon.com Inc. was hit with a record €746 million penalty in Luxembourg, where it has its European base, for processing personal data in violation of the EU’s General Data Protection Regulation.
Under the three-year-old GDPR law, authorities have powers to fine companies as much as 4% of their annual sales. The rules put watchdogs based in a company’s chosen EU hub in charge of supervising them. But the Irish regulator, which has at least 28 privacy probes open targeting tech giants such as Apple Inc. and Alphabet Inc.’s Google, has faced mounting criticism for taking too long to wrap up its cases.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” a WhatsApp spokesperson said. “We will appeal this decision.”
The Irish authority said that it would also order the messaging service to take remedial action to bring its data processing communication into compliance. This includes making it clearer how users can lodge a complaint with a supervisory authority.
WhatsApp announced in an Irish regulatory filing in November it set aside €77.5 million to pay potential fines from at least two probes by Ireland’s data-protection watchdog.
The European Data Protection Board, a panel of EU data authorities, said in a statement Thursday that it pushed for a higher privacy fine for WhatsApp leading to the penalty imposed by Ireland.
An initial draft of the fining decision by the Irish watchdog stumbled amid several objections by EU counterparts, including “the appropriateness of the envisaged corrective measures.”
Thursday’s fine also comes amid added pressure on WhatsApp over policy changes it announced in January. It was forced to delay the overhaul until May after a backlash from users and regulators over what data the messaging service collects and how it shares that information with its parent Facebook.
The European Data Protection Board, a panel of EU authorities, said in July that Facebook’s practices linked to WhatsApp data should be examined “as a matter of priority” by the Irish privacy watchdog.
—With assistance from Aoife White.
- How to Help Victims of the Texas School Shooting
- TIME's 100 Most Influential People of 2022
- What the Buffalo Tragedy Has to Do With the Effort to Overturn Roe
- Column: The U.S. Failed Miserably on COVID-19. Canada Shows It Didn't Have to Be That Way
- N.Y. Will Soon Require Businesses to Post Salaries in Job Listings. Here's What Happened When Colorado Did It
- The 46 Most Anticipated Movies of Summer 2022
- ‘We Are in a Moment of Reckoning.’ Amanda Nguyen on Taking the Fight for Sexual Violence Survivors to the U.N.