Dublin based Data Protection Commission (DPC) have issued a massive €225m fine to WhatsApp. The Irish data protection authority said WhatsApp have breached privacy regulations and ordered them to pay up and fix their policies to protect personal data.
The fine was in relation to an investigation which began in 2018. It questioned if WhatsApp were transparent enough about how it handles data, and whether they gave users enough information about how their data was processed. It also questioned whether its privacy policies were clear enough.
WhatsApp plans to appeal their decision and say their policies have been updated several times. Although they say the fines are disproportionate, GDPR rules do allow for fines of up to 4% of a company’s global turnover.
Whilst this huge fine might be hard to swallow, compared to the one Amazon received in July it’s a drop in the ocean. They were fined €746m by Luxembourg’s National Commission for Data Protection, which claimed the tech giant’s processing of personal data did not comply with EU law.
Compliance is not an option
The law requires businesses that process, handle and store customer information to overhaul their data management practices & processes to ensure their internal procedures are compliant with the data protection principles set out in the GDPR, relating to fairness, lawfulness, and transparency of data processing.