Primary Menu

CSX BREAKROOM

A person's finger is posed next to the Whatsapp app logo on an iPhone on August 3, 2016 in London, England.

WhatsApp has been fined $267 million by Ireland’s data monitors for breaching European Union data privacy rules.

Per CNBC, Ireland’s Data Protection Commission said today (September 2) that Facebook-owned WhatsApp failed to disclose their EU citizens about what it does with their private information.

The regulator said WhatsApp wasn’t upfront with their European customers on how their personal information is collected and used, along with how WhatsApp shares data with Facebook.

It has ordered the platform, which is used by 2 billion people worldwide, to update its privacy policies and how it communicates with users so that it complies with Europe’s privacy law. This means WhatsApp’s privacy policy may have to be expanded further, which some users and companies have already criticized for being too long and complex.

A WhatsApp spokesperson told CNBC the company plans to appeal. “WhatsApp is committed to providing a secure and private service,” the spokesperson said. “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

On its website, WhatsApp states that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses and other information with Facebook. It says it does not share personal conversations, location data or call logs.

The WhatsApp fine is the largest penalty that the Irish regulator has handed out for violations of Europe’s General Data Protection Regulation. Per CNBC, Europe’s GDPR requires companies to be transparent about how they use customer data.

In July, Luxembourg’s data regulator fined Amazon 746 million euros for breaching GDPR rules around the use of consumer data in advertising. The Luxembourg National Commission for Data Protection said Amazon’s processing of personal data did not comply with GDPR.

Google was also fined with a sum of 50 million euros by France’s privacy regulator in 2019 for GDPR ad violations. CNIL said it had levied the fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization.”