WhatsApp has been fined $ 267 million for violating EU data protection regulations


Facebook’s WhatsApp is being censored in China as the Communist Party congress begins.

Jaap Arriens | NurPhoto | Getty Images

WhatsApp, which belongs to Facebook, has been fined a record € 225 million (US $ 267 million) by Ireland’s data watchdog for violating EU data protection regulations.

The Irish Data Protection Commission said Thursday that WhatsApp had not given citizens in the European Union enough information about what it was doing with their data.

The regulator said WhatsApp failed to tell Europeans how their personal information is collected and used, and how WhatsApp shares data with Facebook.

It has instructed the platform, which is used by 2 billion people worldwide, to optimize its data protection guidelines and communication with users so that it complies with European data protection law. As a result, WhatsApp may need to expand its privacy policy, which some users and companies have already criticized as being too long and complex.

A WhatsApp spokesman told CNBC that the company plans to appeal the decision.

“WhatsApp strives to provide a safe and private service,” they said. “We have worked to ensure that the information we provide is transparent and comprehensive and will continue to do so.”

“We disagree with today’s decision on the transparency we gave people in 2018 and the penalties are completely disproportionate,” added the spokesman.

In an FAQ on its website, WhatsApp states that it shares phone numbers, transaction details, business interactions, mobile device information, IP addresses, and other information with Facebook. However, it does not pass on personal conversations, location data or call logs.

The WhatsApp fine is the largest penalty imposed by the Irish regulator for violating the European General Data Protection Regulation (GDPR).

The GDPR requires companies to be clear and open about how they use customer data.

The law – passed in April 2016 and enforced since 2018 – replaces a previous law called the Data Protection Directive and aims to harmonize regulations across the 28-nation EU bloc.

Some critics argue that EU regulators have been too slow to pass the law and penalize Big Tech for non-compliance.

In July, the Luxembourg data regulator fined Amazon € 746 million for violating the GDPR rules on the use of consumer data in advertising. The Luxembourg data protection commission said the processing of personal data by Amazon violated the GDPR.

Elsewhere, Google was fined 50 million euros by the French data protection authority CNIL in 2019 for violating GDPR advertising. The CNIL said it was fined for “lack of transparency, insufficient information and lack of valid consent to personalize ads”.