Ireland has imposed a record € 225 million fine on Facebook subsidiary Whatsapp for violating privacy laws. According to the Irish regulator, WhatsApp did not comply with EU rules on data transparency.
Whatsapp appears to have not sufficiently informed users about the fact that other Facebook companies also use this personal data. It was also unclear how personal information is collected and further processed.
According to the law, the processing of data must not only be lawful and proportionate but also transparent. Irish research shows that the way data is shared within Facebook is obscured. A basic rule is that personal data can only be used for the purpose for which it was collected. You may not simply use personal data collected later for another purpose.
Whatsapp finds the fine ‘out of all proportion’. The messaging service will certainly appeal. According to a spokesperson, this case concerns policies from 2018. Whatsapp finds it strange that such a severe punishment is now being imposed for a transparency issue that is already three years old.
This Irish ‘personal data authority’ has been criticised several times in the past by other European regulators. Colleagues found the Irish Data Privacy Commissioner (DPC) too slow to make statements on issues that concern Big Tech. It took a long time for decisions to be taken. Facebook and Instagram’s subsidiaries Whatsapp and Instagram were in the process of being dealt with by the Irish at the end of last year. In addition, violations were hardly fined.
Regulators from eight other EU member states intervened in the Whatsapp investigation. Last July, the European Data Protection Board (EDPB) instructed the Irish to increase their proposed fine. For years, Ireland was a Valhalla for American tech companies. They liked to set up their European headquarters in Dublin, not only for tax reasons but also because of the favourable ‘privacy climate’.
By the way, the fine amounts to less than one percent of Facebook’s profit for 2020. However, it is the second largest sanction since the introduction of the GDPR (General Data Protection Regulation). Only the 746 million fine that Amazon received from the Luxembourg privacy watchdog last July is bigger.