Ireland’s Data Protection Commission has fined WhatsApp €225 million following a dispute resolution process at the European Data Protection Board. The case goes back to 2018 when the Commission received many complaints concerning the data processing activities of WhatsApp Ireland, especially regarding transparency.
Ireland’s DPA, in its draft decision, proposed a fine in the region on €30-50 million. Eight EU DPAs raised objections on this and other aspects, saying that the fine was not high enough given the seriousness of the matter and the numbers involved. The issue was solved by a dispute resolution mechanism (Article 65 GDPR), during which the EDPB requested in a binding decision that Ireland’s DPA amend the WhatsApp decision with clarifications on transparency and on the calculation of the amount of the fine due to multiple infringements. The EDPB found the consolidated turnover of the parent company (Facebook Inc.) is to be included in the turnover calculation. The EDPB said that when faced with multiple infringements for the same or linked processing operations, all the infringements should be taken into consideration when calculating the amount of the fine.
Following a reassessment, Ireland’s DPA upped its fine on WhatsApp to €225 million, and issued an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.
- Data Protection Commission announces decision in WhatsApp inquiry
- Ireland DPA’s decision
- Binding decision of the EDPB
Source: Privacy Laws & Business