The Irish DPC said that it found irregularities in WhatsApp’s explanation about the processing of user and non-user data. Additionally, the DPC was also unhappy with the way data sharing occurred between WhatsApp and other entities owned by Facebook.
WhatsApp said it would appeal the fines, calling it “entirely disproportionate”
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision,” a WhatsApp spokesperson said in a statement. A panel of the European Union data authorities known as the European Data Protection Board said in a statement that it sought a higher fine on WhatsApp. This led to the €225 million penalty imposed by the DPC in Ireland. While it’s unclear what could happen during the appeal, WhatsApp now has 3 months to comply with the EU’s General Data Protection Regulation (GDPR). In November 2020, WhatsApp revealed in a regulatory filing that it is keeping aside €77.5 million to pay off fines as part of ongoing investigations by the Irish DPC. WhatsApp is under a lot of pressure since it announced the contentious policy changes in January this year. Regulators and privacy watchdogs are wary of the changes sought by WhatsApp. Following criticism from all corners, WhatsApp pushed the policy change to May. The nature of the data collected by WhatsApp was among the most contentious issues for regulators. Additionally, there were some concerns about how data sharing would occur between WhatsApp and Facebook. Just this week, WhatsApp announced that its infamous privacy policy will be optional. However, the company included a caveat wherein users will need to accept the policy if they want to interact with a business account based on the cloud. This indicates a softening of the company’s stance to some extent, especially since the policy’s announcement in January.
