Available at a fixed monthly cost

Get your quote today

What we offer at a glance

  • Get an external data protection officer
  • Audit of your data privacy status quo
  • GDPR support for small businesses and large corporations
  • Personal contact person & individual support
  • Easier communication with authorities
  • 100+ experts from the fields of law, economics & IT

Don't trust us, trust them:

Jedox  Logo Contact Demodesk Logo Contact Elevate Logo Contact Canon  Logo Contact CBTL Logo Contact Alasco  Logo Contact RightNow Logo Contact Veganz Logo Contact Escada Logo Contact First Group Logo Contact

Learn more about our prices & services

or call us now: (020) 36956 452

DataGuard News – WhatsApp fined with record sum for privacy breach

The Irish Data Protection Commission has recently announced a record 225 million euros fine for the popular instant messenger service WhatsApp for breaching transparency rules imposed by the GDPR.

Why exactly was WhatsApp fined? 

Since 2018, the Irish Data Protection Commission (DPC) has been investigating whether WhatsApp handles information transparently. Among other things, the DPC examined how the company discloses information on the processing of data between WhatsApp and its parent company Facebook, which has its European headquarters in Ireland. The DPC has now ruled that WhatsApp has not complied with its transparency obligations imposed under GDPR.

Why is this so special?

The Irish DPC has long been criticised for being too passive, especially towards large American corporations that often have their European headquarters in Ireland. Initially, the DPC aimed to impose a smaller fine of 50 million euros, however, after being harshly criticised and further assessing the situation, it decided to raise the fine to 225 million euros. This ruling could potentially be the largest fine since the GDPR became applicable in May 2018. The amount of the fine may seem high at a first glance but if you consider that Facebook is a billion-dollar business and that the GDPR has its infamous 4% rule (data protection fines can amount up to 4% of total annual turnover), you may conclude that this figure is still too low. How the amount of the fine was calculated and whether this will published is currently unclear.

What happens next?

So far, the fine has only been notified. However, Facebook will challenge it in the Irish courts. What or whether anything will be paid in the end remains to be seen. The lawsuit will likely last for several years until this matter is settled. Despite this and regardless of the outcome, we think that this GDPR fine is a strong sign of what to expect from GDPR enforcement for the next years.

What can I do?

Last year, we took an in-depth look at alternative instant messengers in our DataGuard Blog due to data protection concerns with WhatsApp. We evaluated well-known providers such as Threema, Signal, Telegram and WhatsApp based on criteria such as server location, data encryption, use of personal data for advertising purposes, etc. We identified Threema and Signal as best alternatives for WhatsApp. Our tip: Be a pioneer. Don’t wait for others to switch to an instant messenger that adheres to privacy rules – be the one to take the first step and be the one to encourage others to follow you.

Sign up to our newsletter – Get practical tips and invitations to webinars and online Q&A sessions.Subscribe now


About the author