WhatsApp fined $267M for breaching GDPR rules

After an investigation, Ireland’s data watchdog, the Data Protection Commission, concluded that Facebook-owned WhatsApp fell foul of EU data privacy rules. Handing down a $267M fine, the watchdog said WhatsApp failed to inform European Union citizens enough about how the communications firm collected, used and shared their personal data.

The investigation into WhatsApp started in 2018 and considered a number of issues, including if privacy policies were clear enough for users to understand and if the business told them about how their data was processed. Since the investigation began, WhatsApp has changed their privacy policies a number of times, which some users have complained are overly long and complex.

“In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions,” the Data Protection Commission said in a statement.

In response to the ruling, WhatsApp reinforced their commitment to offering a secure service to users. “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” said a WhatsApp spokesperson.

Under GDPR rules, companies that are found to breach these regulations can face fines of up to 4% of the company’s global turnover. The $267M figure represents the second-highest fine under GDPR rules. Another case against WhatsApp is pending from the Data Protection Commission, with several other high-profile tech firms such as Google, Twitter and Facebook also under investigation by the watchdog.