DataGuard News – WhatsApp fined with record sum for privacy breach

The Irish Data Protection Commission has recently announced a record 225 million euros fine for the popular instant messenger service WhatsApp for breaching transparency rules imposed by the GDPR.

Why exactly was WhatsApp fined? 

Since 2018, the Irish Data Protection Commission (DPC) has been investigating whether WhatsApp handles information transparently. Among other things, the DPC examined how the company discloses information on the processing of data between WhatsApp and its parent company Facebook, which has its European headquarters in Ireland. The DPC has now ruled that WhatsApp has not complied with its transparency obligations imposed under GDPR.

Why is this so special?

The Irish DPC has long been criticised for being too passive, especially towards large American corporations that often have their European headquarters in Ireland. Initially, the DPC aimed to impose a smaller fine of 50 million euros, however, after being harshly criticised and further assessing the situation, it decided to raise the fine to 225 million euros. This ruling could potentially be the largest fine since the GDPR became applicable in May 2018. The amount of the fine may seem high at a first glance but if you consider that Facebook is a billion-dollar business and that the GDPR has its infamous 4% rule (data protection fines can amount up to 4% of total annual turnover), you may conclude that this figure is still too low. How the amount of the fine was calculated and whether this will published is currently unclear.

What happens next?

So far, the fine has only been notified. However, Facebook will challenge it in the Irish courts. What or whether anything will be paid in the end remains to be seen. The lawsuit will likely last for several years until this matter is settled. Despite this and regardless of the outcome, we think that this GDPR fine is a strong sign of what to expect from GDPR enforcement for the next years.

What can I do?

Last year, we took an in-depth look at alternative instant messengers in our DataGuard Blog due to data protection concerns with WhatsApp. We evaluated well-known providers such as Threema, Signal, Telegram and WhatsApp based on criteria such as server location, data encryption, use of personal data for advertising purposes, etc. We identified Threema and Signal as best alternatives for WhatsApp. Our tip: Be a pioneer. Don’t wait for others to switch to an instant messenger that adheres to privacy rules – be the one to take the first step and be the one to encourage others to follow you.

Sign up to our newsletter – Get practical tips and invitations to webinars and online Q&A sessions.Subscribe now

 

About the author

Contact Sales

See what DataGuard can do for you.

Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.

  • 100% success in ISO 27001 audits to date 
  • 40% total cost of ownership (TCO) reduction
  • A scalable easy-to-use web-based platform
  • Actionable business advice from in-house experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • External data protection officer
  • Audit of your privacy status-quo
  • Ongoing GDPR support from a industry experts
  • Automate repetitive privacy tasks
  • Priority support during breaches and emergencies
  • Get a defensible GDPR position - fast!

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Continuous support on your journey towards the certifications on ISO 27001 and TISAX®️, as well as NIS2 Compliance.
  • Benefit from 1:1 consulting
  • Set up an easy-to-use ISMS with our Info-Sec platform
  • Automatically generate mandatory policies
Certified-Icon

100% success in ISO 27001 audits to date

 

 

TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Proactive support
  • Create essential documents and policies
  • Staff compliance training
  • Advice from industry experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Comply with the EU Whistleblowing Directive
  • Centralised digital whistleblowing system
  • Fast implementation
  • Guidance from compliance experts
  • Transparent reporting

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Let's talk