Facebook`s messaging app WhatsApp was fined a record 225 million euro ($266 million) by the Irish data protection regulator after the EU privacy watchdog pressured Ireland to raise the penalty for the company’s privacy breaches.
WhatsApp has termed the fine as “entirely disproportionate” and it plans to appeal further. Still, the Irish fine is lower than the record $886.6 million euro fine meted out to Amazon by the Luxembourg privacy agency in July.
Austrian privacy campaigner Max Schrems, who has taken on Facebook in several privacy cases, said the initial fine was 50 million euros.
Ireland`s Data Privacy Commissioner (DPC) said the issues related to whether WhatsApp conformed in 2018 with EU data rules about transparency.
“This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies,” the Irish regulator said in a statement.
A WhatsApp spokesperson further said the issues in question related to policies in place in 2018 and the company had provided comprehensive information.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” the spokesperson said.
EU privacy watchdog the European Data Protection Board further added that it had given several pointers to the Irish agency in July to address criticism from its peers for taking too long to decide in cases involving tech giants and for not fining them enough for any breaches.
It further noted that a WhatsApp fine should take into account Facebook`s turnover and that the company should be given three months instead of six months to comply.
Europe`s landmark privacy rules are finally showing some teeth even if the lead regulator for some tech giants appears otherwise, said Ulrich Kelber, Germany`s federal commissioner for data protection and freedom of information.
“What is important now is that the many other open cases on WhatsApp in Ireland are finally decided on so that we can take faster and longer strides towards the uniform enforcement of data protection law in Europe,” he said.