Ireland hit Facebook's WhatsApp with a record EUR 225 million fine on Thursday following an inquiry into the messaging app's transparency around sharing personal data with other Facebook companies.
Facebook Inc.’s WhatsApp was ordered to pay a 225 million-euro ($266 million) penalty for failing to be transparent about how it handled personal information, its first fine under beefed-up European Union data protection law.
The Irish Data Protection Commission — Silicon Valley’s main
privacy watchdog in Europe — said it found violations in the way WhatsApp
explained how it processed users’ and non-users’ data, as well as how data was
shared between WhatsApp and other Facebook companies.
The fine comes weeks after Amazon.com Inc. was hit with a
record 746 million-euro penalty in Luxembourg, where it has its European base,
for processing personal data in violation of the EU’s General Data Protection
Regulation.
Under the three-year-old GDPR law, authorities have powers
to fine companies as much as 4% of their annual sales. The rules put watchdogs
based in a company’s chosen EU hub in charge of supervising them. But the Irish
regulator, which has at least 28 privacy probes open targeting tech giants such
as Apple Inc. and Alphabet Inc.’s Google, has faced mounting criticism for
taking too long to wrap up its cases.
“We disagree with the decision today regarding the
transparency we provided to people in 2018 and the penalties are entirely
disproportionate,” a WhatsApp spokesperson said. “We will appeal this
decision.”
The Irish authority said that it would also order the
messaging service to take remedial action to bring its data processing
communication into compliance. This includes making it clearer how users can
lodge a complaint with a supervisory authority.
WhatsApp announced in an Irish regulatory filing in November
it set aside 77.5 million euros to pay potential fines from at least two probes
by Ireland’s data-protection watchdog.
The European Data Protection Board, a panel of EU data
authorities, said in a statement Thursday that it pushed for a higher privacy
fine for WhatsApp leading to the penalty imposed by Ireland.
An initial draft of the fining decision by the Irish
watchdog stumbled amid several objections by EU counterparts, including “the
appropriateness of the envisaged corrective measures.”
Thursday’s fine also comes amid added pressure on WhatsApp
over policy changes it announced in January. It was forced to delay the
overhaul until May after a backlash from users and regulators over what data
the messaging service collects and how it shares that information with its
parent Facebook.
The European Data Protection Board, a panel of EU
authorities, said in July that Facebook’s practices linked to WhatsApp data
should be examined “as a matter of priority” by the Irish privacy watchdog.
The Irish authority in turn said it would consider any
regulatory follow-up where needed, but that its most advanced WhatsApp probe
had already included “an in-depth inquiry into WhatsApp’s privacy policy.”