WhatsApp Ireland has been hit with a record €225 million fine by the Data Protection Commission (DPC) for infringement of data protection rules.
Under EU data laws, it’s the second-largest fine ever issued to an organisation while being the largest fine ever issued by the Data Protection Commission.
WhatsApp has been ordered to take a range of specified remedial actions in order to bring its processing into compliance.
WhatsApp will be appealing the ruling, stating that its penalties are disproportionate.
The DPC launched an investigation three years ago after new data protection rules were brought into force by the EU.
WhatsApp was placed under examination to see if it met the obligations under the General Data Protection Regulations (GDPR) in regards to the provision of information provided to users and non-users of WhatsApp’s services and other Facebook companies.
The investigation was concluded last December and a draft decision was sent to other European data regulators for consideration.
The conclusions of the draft were met with disagreement from eight of about 40 of the data regulators, who also disagreed with the proposed fine of up to €50 million.
As a consensus couldn’t be achieved, the case was referred to the European Protection Board which made its ruling at the end of July for the DPC to enforce.
The DPC stated, “This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp,”.