The Irish Authority has imposed a €225 million GDPR fine on WhatsApp for privacy violations.
WhatsApp received the penalty from the Irish DPA, which is responsible for monitoring GDPR compliance at the EU level. The Irish data protection authority, claims that the social media app is manipulating processed data in a manner that’s not transparent.
According to the regulator, WhatsApp failed to inform its users about how they collect and share with Facebook the personal information.
WhatsApp claims to share with Facebook phone numbers, transaction data, business interactions, mobile device information, IP addresses, and other information. However, they do not share personal conversations, location data, and phone logs.
In short, under GDPR companies must be clear and transparent about how they use customer personal data.
WhatsApp's may need to expand its privacy policy
The watchdog ordered the platform to change its privacy policies, even though it has over 2 billion users throughout the world. In addition, the platform needs to modify how it communicates with users in order to comply with European privacy rules. Therefore, WhatsApp's may need to expand its privacy policy. Some users and businesses already criticized it as being overly long and complicated.
WhatsApp's pleading
"We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,'' claims the social media app.
On November 1, 2021, the summary of WhatsApp's appeal of the €225 million GDPR fine was published.
Following the appeal, WhatsApp asked for the full annulment of the penalty, claiming the EDPB's allegations of improper practices. The company owned by Facebook, specifically claims that the EDPB "exceeded its competence" under Article 65 of the GDPR.
This is the second-largest GDPR fine penalty. Amazon was fined the maximum amount of € 746 million by the Luxembourg data protection authorities in July for violating GDPR's regulations on the use of consumer data in advertising.
How Sovy can help?
With our portfolio of online tools and services, we can help you get compliant and stay compliant, including:
•eLearning for GDPR and CyberSecurity
•Cookie Consent Manager with data rights access requests
•Privacy Policy Builder
•Records of Data Processing
We also provide Advisory Services to help you with your company's specific needs.
Contact us for more information.
Source 1: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62021TN0709
Source 2: https://iapp.org/news/a/details-emerge-on-appeal-of-whatsapps-225m-euro-gdpr-fine/
Last updated: January 7, 2022