Take a fresh look at your lifestyle.

WhatsApp, fined 225 million euros: the second highest fine in the history of the EU in Data Protection

WhatsApp will have to pay 225 million euros for violating the privacy of users and breaking the European Data Protection Regulation. This has been announced by the Data Protection Commission, which concludes the investigation that began in December 2018.

The Data Protection organization has concluded that WhatsApp did not fulfill its obligations to inform users and be sufficiently transparent, both for WhatsApp users themselves and for those who do not use this messaging application. In relation to data managed between WhatsApp itself and Facebook.

Data passed from Facebook to WhatsApp (and vice versa)

WhatsApp Ireland Ltd, a national company that manages the application in Europe, has been the investigated company. Responding to the Irish Times, Data Protection Commissioner Helen Dixon explains that WhatsApp only provided users with 41% of the information prescribed to its users, but none to non-users. A “severe information deficit” which translates into four GDPR violations, defined by Dixon as “very serious.”

In response to the WSJ, WhatsApp explains that “we do not agree with today’s decision regarding the transparency we provided to people in 2018 and the penalties are completely disproportionate.”

From Xataka we have contacted Facebook to learn more details about their position.

Research has focused on see if WhatsApp provides enough information on how it shares user data with Facebook, its parent company. There is also the point of “non-users”, that is, of those phone numbers that are loaded when the phonebook is synchronized with the application.

The 15 largest fines that have been imposed by GDPR so far

Something seems to have changed within the European Union regarding the Data Protection Regulation. If until the middle of this year the largest fine had gone to Google, with a value of 50 million euros, now this fine to WhatsApp is more than four times higher.

Precisely between 30 and 50 million euros was the initial amount that the DCP had planned to impose, as reflected in the first draft.

It’s about the second multimillion-dollar fine imposed by the European Union in terms of Data Protection in a couple of months. At the end of July, the Luxembourg authority, where Amazon is based in Europe, imposed a record fine of 746 million euros.