The Irish Data Protection Commission has recently announced a record 225 million euros fine for the popular instant messenger service WhatsApp for breaching transparency rules imposed by the GDPR.
Why exactly was WhatsApp fined?
Since 2018, the Irish Data Protection Commission (DPC) has been investigating whether WhatsApp handles information transparently. Among other things, the DPC examined how the company discloses information on the processing of data between WhatsApp and its parent company Facebook, which has its European headquarters in Ireland. The DPC has now ruled that WhatsApp has not complied with its transparency obligations imposed under GDPR.
Why is this so special?
The Irish DPC has long been criticised for being too passive, especially towards large American corporations that often have their European headquarters in Ireland. Initially, the DPC aimed to impose a smaller fine of 50 million euros, however, after being harshly criticised and further assessing the situation, it decided to raise the fine to 225 million euros. This ruling could potentially be the largest fine since the GDPR became applicable in May 2018. The amount of the fine may seem high at a first glance but if you consider that Facebook is a billion-dollar business and that the GDPR has its infamous 4% rule (data protection fines can amount up to 4% of total annual turnover), you may conclude that this figure is still too low. How the amount of the fine was calculated and whether this will published is currently unclear.
What happens next?
So far, the fine has only been notified. However, Facebook will challenge it in the Irish courts. What or whether anything will be paid in the end remains to be seen. The lawsuit will likely last for several years until this matter is settled. Despite this and regardless of the outcome, we think that this GDPR fine is a strong sign of what to expect from GDPR enforcement for the next years.
What can I do?
Last year, we took an in-depth look at alternative instant messengers in our DataGuard Blog due to data protection concerns with WhatsApp. We evaluated well-known providers such as Threema, Signal, Telegram and WhatsApp based on criteria such as server location, data encryption, use of personal data for advertising purposes, etc. We identified Threema and Signal as best alternatives for WhatsApp. Our tip: Be a pioneer. Don’t wait for others to switch to an instant messenger that adheres to privacy rules – be the one to take the first step and be the one to encourage others to follow you.