WhatsApp Fined $267 Million for Not Informing EU Citizens How Personal Data is Handled

WhatsApp has been fined €225 million, or $267 million USD, for breaking several of the European Union's data privacy rules, including one that requires companies to properly inform citizens how their personal data is handled.

On Thursday, Ireland's Data Protection Commission handed down the decision in an 89-page summary that said WhatsApp failed to tell European users how their information was being collected and used, as well as how the data was being shared with WhatsApp's parent company, Facebook.

"This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies," the regulator said in a statement.

On top of the fine, WhatsApp has been ordered by Ireland's data watchdog to update its already lengthy privacy policy and to change the way it notifies users about data sharing in a way that complies with the E.U.'s privacy law.

The European Data Protection Board previously told Ireland's commission to take into account Facebook's turnover and shorten the deadline for Facebook to comply from six months to three months.

WhatsApp said that it plans to appeal the decision, calling the penalties "disproportionate."

"WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so," a spokesperson for the company said. "We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate."

The fine relates to an investigation that opened in 2018 over concerns of the platform's transparency. WhatsApp has updated its policies several times since the probe began.

It is also not the only investigation the Irish regulator has opened into Facebook. As of the end of last year, there were 14 major inquiries opened into the social networking company and its subsidiaries.

WhatsApp Facebook Data Privacy Fined EU
Facebook-owned WhatsApp has been fined $267 million for violating the European Union's data privacy rules. The Facebook logo and WhatsApp logo appear on the screens of a smartphone and tablet in Toulouse, southwestern France on October 5, 2020. Lionel Bonaventure/AFP

The Thursday decision is the second-largest fine that has been handed out for a violation of Europe's General Data Protection Regulation (GDPR) since it came into effect in May of 2018.

GDPR rules allow for colossal fines of up to four percent of an offending company's global turnover.

Earlier this summer, Amazon was fined a record-breaking $887 million by Luxembourg's data regulator for breaching the GDPR.

The Luxembourg National Commission for Data Protection said Amazon's processing of personal data was in violation of the law—a decision the e-commerce company had said it plans to appeal.

Google and Facebook have also previously been fined for not complying with the GDPR.