South China Morning Post
Advertisement
Advertisement
Ireland
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
WhatsApp said it would appeal the decision. Photo: Reuters
WorldEurope

Ireland fines WhatsApp US$267 million for breaching EU data privacy laws

  • WhatsApp was probed on whether it had violated its ‘transparency obligations’ in telling users how their data would be processed between WhatsApp and other Facebook firms
  • The fine is largest penalty ever issued to a company by the Irish data protection commission, dwarfing the US$533,650 fine imposed on Twitter last year
Ireland
Agence France-Presse
Agence France-Presse
Why you can trust SCMP
Ireland on Thursday slapped Facebook’s WhatsApp messaging service with a record fine for breaching EU data privacy laws after European regulators demanded the penalty be increased.

Ireland’s Data Protection Commission (DPC) was entrusted with the case because Facebook’s European headquarters are situated in the country.

“And following this reassessment the DPC has imposed a fine of €225 million (US$267 million) on WhatsApp,” the commission said, by far the largest penalty it has ever issued to a company, dwarfing the €450,000 (US$533,650) fine imposed on Twitter last year.

As Ireland hosts the regional headquarters of a number of major tech players such as Apple, Google and Twitter, the DPC has been largely responsible for policing adherence to the EU’s landmark General Data Protection Regulation (GDPR) charter.

But Ireland has come under pressure for not taking a firm enough line against tech giants, who are generally understood to be drawn to the country by its low corporate tax rate of 12.5 per cent.

WhatsApp said it would appeal the decision.

“We disagree with the decision today” it said in a statement, calling the penalties “entirely disproportionate.”

The DPC launched the WhatsApp probe in December 2018 to examine whether the messaging app “discharged its GDPR transparency obligations” with regard to telling users how their data would be processed between WhatsApp and other Facebook companies.

In an initial finding submitted to other European regulators for approval last December, the DPC proposed imposing a fine of between €30-50 million, but a number of national regulators rejected the figure, triggering the launch of a dispute resolution process in June.

Last month, the European Data Protection Board (EDPB) instructed the DPC to increase the fine, with Germany’s regulator leading the calls for the penalty to be higher.

The EDPB said that the fine had to “reflect a significant level of non-compliance which impact on all of the processing carried out by WhatsApp” in Ireland.

The fine had to be “effective, dissuasive and proportionate”, it said.

Hailed as a potent weapon to bring tech titans to heel, the GDPR endowed national watchdogs with cross-border powers and the possibility to impose sizeable fines for data misuse.

But Germany’s data protection commissioner, Ulrich Kelber, in March wrote an open letter criticising the DPC for the “extremely slow” way it handled GDPR complaints.

Post