WhatsApp Issued GDPR Fine of €225m in Ireland

Updated: 3 September 2021
Updated: 3 September 2021

Fact-checked by

Ireland’s Data Information Officer has just fined WhatsApp with €225M for breaching several privacy regulations. In the history of the GDPR, this is the second-largest fine they’ve issued. It’s also the largest ever issued by the Irish Data Protection Commission.

Back in 2018, WhatsApp was put under investigation for transparency problems regarding the information it provides to users. It wasn’t clear enough whether the company adequately informed its users about the data processing. Ever since, WhatsApp changed its Privacy Policy several times.

A company spokesperson said that “WhatsApp is committed to providing a secure and private service.”

He further said that “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

This time, the fine is so large because GDPR technically allows for companies to be fined up to 4% of their global turnover.

In This Guide

Initial Disagreement

When the Irish DPC sent for the decision on the fine to other data authorities, many did not agree with this ruling. After an extensive analysis of the circumstances and context, eight countries objected to the fine, including France, Italy, and Germany.

Some countries were in disagreement about the specific GDPR articles WhatsApp had broken. Others had something to say about the way the Irish DPC had calculated the fine.

Eventually, the European Data Protection Board informed the Irish DPC to “reassess” the proposed fine of €30-50m and think twice about “setting out a higher fine amount.”

Still, the Irish DPA formally reprimanded WhatsApp and demanded that it “bring its processing into compliance.” Max Schrems, a privacy campaigner, thinks the decision is correct yet he also added that this situation “shows how the DPC is still extremely dysfunctional.”

He added that “The DPC gets about 10,000 complaints per year since 2018 – and this is the first major fine,” and that “in the Irish court system, this will mean that we will see years before any fine is actually paid.”

WhatsApp already planned an appeal to this decision by the Irish DPC. In the history of the GDPR, only Amazon received a higher fine (€746m) for failing to comply with data-processing laws. Amazon, too, staunchly defends its innocence.

You can check out all publicly known GDPR fines by using our linked GDPR fines tracker.

WhatsApp GDPR Fine

Written by: Miklos Zoltan

Connect with the author:

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

In This Guide

Leave a Reply

Your email address will not be published.