WhatsApp on Thursday was fined roughly $267 million by Ireland’s privacy watchdog due to alleged violations of the European Union’s data privacy rules, the largest penalty issued yet by the group since the strict 2018 regulations took effect.
The Data Protection Commission (DPC) said in a statement that it had concluded its investigation into WhatsApp’s privacy practices, which it first launched in December 2018.
The commission found that the platform violated EU data transparency rules about sharing user data with fellow Facebook-owned companies.
The DPC’s investigation specifically focused on whether Facebook followed requirements under the EU’s General Data Protection Regulation (GDPR) rules by making clear to users how their data was being used by WhatsApp and other Facebook companies.
The commission said that a draft of the decision had been sent to European regulators in December 2020. This past July, the European Data Protection Board (EDPB) ordered the DPC to reassess the decision to increase an initially proposed fine of $59 million to $267 million.
The fine marks the largest penalty from the regulatory body under the EU’s GDPR rules, and is only the second one issued to date. The watchdog issued a fine against Twitter last year for roughly $534,000 over a security breach.
The penalty is also the second largest issued among all EU privacy regulators, following Luxembourg's roughly $886 million fine against Amazon in July over alleged data privacy violations, according to The Associated Press.
In response to the fine, a WhatsApp spokesperson said in a statement shared with The Hill that its leaders “disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate," adding that the company planned to appeal the decision.
“WhatsApp is committed to providing a secure and private service,” the spokesperson added. “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.”
“They’ve been telling users that their access to their app will be cut off if they do not accept the new terms,” Goyens added. “Yet consumers don’t know what they’re actually accepting.”