Ireland’s Data Protection Commission (DPC) fined Facebook-owned WhatsApp 225 million euros (USD 266) for violating the European Union’s General Data Protection Regulation (GDPR). This is the second-largest fine under the bloc’s privacy law and it comes a month after another US tech company, Amazon, revealed that it was fined a record 746 million euros.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” a WhatsApp spokesperson told MediaNama. WhatsApp will appeal the decision, the spokesperson added.
Why was WhatsApp fined?
According to Wall Street Journal, DPC had initially proposed a fine of up to 50 million euros but after objections from other competition watchdogs of other EU countries, the dispute resolution process was triggered and a board of all EU privacy regulators voted to order DPC to levy a bigger fine. DPC is the lead regulator because WhatsApp’s European headquarters is located in Dublin.
According to GDPR provisions, this decision can be appealed in Irish courts as well as directly with the EU’s Court of Justice.
WhatsApp facing CCI probe in India
In January this year, WhatsApp began alerting its users globally with an in-app notification about updates to its terms of service and privacy policies. The new policies are largely expanded and better-explained versions of their existing conditions, albeit with some additions. The most notable addition includes WhatsApp’s integration into the Facebook family of products and more data-sharing with Facebook.
Status of India’s data protection bill
The draft Personal Data Protection (PDP) Bill, which is India’s version of GDPR, will impact how businesses collect and use data about Indian users and the rights that users have over the data that is collected about them.
The Bill was first introduced in the Winter Session of the Indian Parliament in 2019 and was referred to a Joint Parliamentary Committee (JPC). The JPC was expected to present the report to the parliament in the current Monsoon Session but was granted an exemption till the Winter Session. This is the third such extension that the JPC has received.
- Irish Data Protection Commission Fines Twitter 450,000 Euros For Protected Tweet Vulnerability
- Summary: China Passes GDPR-Like Data Privacy Law, Except That Many Restrictions Do Not Apply To The Government
- India To Seek ‘Adequacy’ Status With The GDPR After Data Protection Bill Is Passed: Report
Have something to add? Post your comment and gift someone a MediaNama subscription.