Irish data protection regulator slapped a record 225 million euro ($266 million) fine on Facebook’s WhatsApp following pressure on Ireland by the European Union privacy watchdog to increase the penalty amount for breach of privacy charges.
While saying that the fine slapped on it was “entirely disproportionate”, WhatsApp said it would appeal against the decision. However the fine is still dwarfed by the record $886.6 million euro fine against Amazon by the Luxembourg privacy agency in July.
The initial fine was 50 million euros, said Austrian privacy campaigner Max Schrems, who has taken on Facebook in several privacy cases.
At the centre of the charges against WhatsApp was whether the company had conformed with EU data rules about transparency in 2018, said Ireland’s Data Privacy Commissioner (DPC), the lead data privacy regulator for Facebook within the European Union.
“This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies,” the Irish regulator said in a statement.
The issues in this case related to policies that were in place in 2018 and the company had provided comprehensive information of compliance, said a WhatsApp spokesperson in a statement.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” the spokesperson said.
According to the European Data Protection Board, the privacy watchdog of the EU, several pointers to the Irish agency had been given by it in July for addressing criticism from its peers for the Irish watchdog taking too long to take a decision on cases related to tech giants as well as for slapping smaller fines for breaches than required on the tech companies.
Facebook’s turnover should be taken into account by WhatsApp, the European Data Protection Board said, and added that only three months instead of the six months to the company to comply with the order.
According to Ulrich Kelber, Germany’s federal commissioner for data protection and freedom of information, GDPR, Europe’s landmark privacy rules, are finally having the desired effect after being implemented in 2018 even though the lead regulator for some tech giants appears otherwise.
“What is important now is that the many other open cases on WhatsApp in Ireland are finally decided on so that we can take faster and longer strides towards the uniform enforcement of data protection law in Europe,” he told Reuters.
After Ireland shared its provisional decision related to the WhatsApp probe, that was initiated December 2018, a dispute resolution mechanism was triggered by data regulators from eight other European countries.
The Irish regulator said that a meeting in July of the European Data Protection Board issued a “clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained”.
“Following this reassessment the DPC has imposed a fine of 225 million euros on WhatsApp,” it said.
WhatsApp was also ordered by the Irish regulator to bring its processing into compliance by taking “a range of specified remedial actions”.
(Adapted from NBCNews.com)