The much-anticipated EU GDPR enforcement from the Data Protection Commission in Ireland against WhatsApp has arrived. The DPC has issued a €225 million fine against the messaging platform for violations of GDPR transparency principles over its data-sharing plans with Facebook and Instagram. The DPC issued the following Press Release and Decision pursuant to Section 111 of the Data Protection Act, 2018 and Articles 60 and 65 of the GDPR.
The fine ends a lengthy case that began in 2018 and required an Article 65 dispute resolution procedure via the European Data Protection Board. The EDPB has also published a Press Release and Binding Decision on the basis of Art. 65 GDPR on the draft decision by the Irish DPC.
In a statement from noyb, Max Schrems welcomed the first decision by the DPC. However, "the DPC gets about ten thousand complaints per year since 2018 and this is the first major fine. The DPC also proposed an initial € 50 million fine and was forced by the other European data protection authorities to move towards € 225 million, which is still only 0.08% of the turnover of the Facebook Group. The GDPR foresees fines of up to 4% of the turnover. This shows how the DPC is still extremely dysfunctional."
The IAPP has published a full account of the penalty and the road that led to it.
WhatsApp intends to appeal.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 2,500 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.