Ireland’s Data Privacy Commissioner (DPC) has hit Facebook-owned messaging platform WhatsApp with a €225 million ($266 million) administrative fine for violating the EU’s GDPR privacy regulation after failing to inform users and non-users on what it does with their data.
EU data regulators can impose maximum GDPR fines of up to €20 million (about $24.3 million) or 4% of the infringing company’s annual global turnover – whichever is greater – for violating EU’s privacy laws.
The fine follows an investigation started in December 2018 after the data watchdog received multiple complaints from “individual data subjects” (both users and non-users) regarding WhatsApp data processing activities.
Throughout the investigation, Ireland’s DPC examined whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service.
This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies, the regulator explained.