Facebook-owned messaging service WhatsApp has been hit with a fine of 225 million Euro ($266 million) by Ireland for its general privacy policy that allegedly doesn’t lay out how user data would be used in clear enough terms.
WhatsApp has had its fair share of vulnerabilities in the past, including one notorious exploit that allowed bad actors to install spyware on the victims’ devices. However, the Irish Data Protection Commission has fined WhatsApp a whopping $266 million for how it doesn’t clarify the ways in which user data is used.
This is the highest GDPR fine that the country has ever issued for such an issue. It also happens to be the second-highest GDPR fine imposed by the European Union, second only to Amazon’s $887 million fine from July this year.
While the million-dollar fine is just pocket change for the messaging service, a WhatsApp spokesperson told BBC News, “We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”
WhatsApp reportedly wasn’t alone in objecting to the severity of the fine. GDPR rules mandate that the Irish Commission only issue fines after consulting the other EU countries. Eight such countries including Germany, Italy, and France reportedly objected to the fine.
The most important disagreement that fuelled the strong opposing vote was which specific GDPR elements WhatsApp had allegedly breached and how the imposed fine was calculated. The collective European Data Protection Board reportedly instructed Ireland to “reassess” its findings and set a “higher fine amount” than the originally intended $36 million to $59 million.
Nevertheless, the WhatsApp spokesperson reiterated the company’s commitment to privacy saying, “WhatsApp is committed to providing a secure and private service.” “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so,” he told BBC News.
[Via BBC News]