WhatsApp fined $ 267 million for violating EU privacy rules

Facebook-owned WhatsApp has been fined a record 225 million euros ($ 267 million) by the Irish data watchdog for violating EU data privacy rules .

The Irish Data Protection Commission said on Thursday that WhatsApp had not sufficiently informed citizens of the European Union about what it was doing with their data.

The regulator said WhatsApp did not explain to Europeans how their personal information is collected and used, or how WhatsApp shares data with Facebook.

He ordered the platform, which is used by 2 billion people worldwide, to change its privacy policies and the way it communicates with users so that it complies with European privacy law. As a result, WhatsApp may need to extend its privacy policy, which some users and businesses have already criticized for being too long and complex.

A spokesperson for WhatsApp told CNBC the company plans to appeal the decision.

“WhatsApp is committed to providing a secure and private service,” they said. “We have worked to ensure that the information we provide is transparent and complete and will continue to do so.”

“We do not agree with today’s ruling on the transparency we offered to people in 2018 and the sanctions are grossly disproportionate,” the spokesperson added.

In an FAQ on its website, WhatsApp states that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses, and other information with Facebook. However, it does not share personal conversations, location data, or call logs.

The WhatsApp fine is the biggest sanction the Irish regulator has imposed for violations of the European General Data Protection Regulation, or GDPR.

GDPR requires businesses to be clear and straightforward about how they use customer data.

The legislation – approved in April 2016 and applied since 2018 – replaced a previous law called the Data Protection Directive and aims to harmonize rules across all 28 EU countries.

Some critics argue that EU regulators have been too slow to impose the law and impose sanctions on Big Techs for non-compliance.

In July, the Luxembourg data regulator fined Amazon 746 million euros for violating GDPR rules regarding the use of consumer data in advertising. The Luxembourg National Commission for Data Protection has declared that the processing of personal data by Amazon does not comply with the GDPR.

Elsewhere, Google was fined 50 million euros by the French privacy regulator, the CNIL, in 2019 for violating GDPR ads. The CNIL said it had imposed the fine for “lack of transparency, inadequate information and lack of valid consent concerning the personalization of ads”.