WhatsApp has been fined €225 million for breaking the EU’s data privacy law by not telling its users how it was sharing their data with its parent company Facebook.
In one of the biggest fines relating to the General Data Protection Regulation (GDPR), the Irish data regulator applied a penalty more than four times the level it had initially proposed for the messaging service after coming under pressure from other European countries.
The WhatsApp ruling came after Luxembourg fined Amazon a record €746 million in July for breaching GDPR and Ireland fined Twitter €450 million in December for not informing regulators about a data leak within 72 hours.
The Irish Data Protection Commission has more than two dozen ongoing investigations into big tech companies. Amazon has said it will appeal against its fine.
In its ruling after a two-year investigation, Ireland also ordered WhatsApp Ireland to take action to bring its data sharing with Facebook in line with GDPR. WhatsApp was heavily criticized earlier this year for requiring that its users agree to share their personal data, including their phone number, with Facebook.
In July, the European Data Protection Board called for WhatsApp’s data sharing practices with its parent company to be investigated “as a matter of priority.”
WhatsApp attacked the fine, saying it had complied with transparency requirements in 2018. “The penalties are entirely disproportionate. We will appeal [against] this decision,” the company said.
The Irish authority had originally asked WhatsApp for a €50 million fine for breaking GDPR but it quickly came under pressure from other data protection agencies pushing for a stiffer penalty.
In March, Germany’s chief data protection watchdog, Ulrich Kelber, wrote to members of the European Parliament to highlight a lack of action from the Irish authority on GDPR abuses.
In his letter he said Germany alone had “sent more than 50 complaints about WhatsApp” to Dublin, “none of which had been closed to date.”
WhatsApp said it was “committed to providing a secure and private service.” It added: “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so.”