Ireland fines WhatsApp €225m for breaking EU data protection rules

Ireland's Data Protection Commission (DPC) has fined WhatsApp €225 million for breaking EU rules on user privacy.

The authority said that WhatsApp Ireland had failed to provide the necessary data protection information to users.

It's the largest fine ever issued by the DPC and the second-largest imposed on an organisation under EU data protection laws.

The Facebook-owned messaging platform was also cited for failing to meet its "transparency obligations".

The initial fine given to WhatsApp was increased by the European Data Protection Board due to "a number of factors", the DPC added.

The body, which is the lead data privacy regulator for Facebook within the European Union, said the issues related to whether WhatsApp conformed in 2018 with EU data rules about transparency.

"This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies," the Irish regulator said in a statement.

A WhatsApp spokesperson said in a statement that the issues in question-related to policies in place in 2018.

"WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so," the spokesperson said.

The decision by the DPC released on Thursday reads:

"An administrative fine, pursuant to Articles 58(2)(i) and 83, addressed to WhatsApp, in the amount of €225 million. For the avoidance of doubt, that fine reflects the infringements that were found to have occurred, as follows: i. In respect of the infringement of Article 5(1)(a) of the GDPR, a fine of €90 million; ii. In respect of the infringement of Article 12 of the GDPR, a fine of €30 million; iii. In respect of the infringement of Article 13 of the GDPR, a fine of €30 million; and iv. In respect of the infringement of Article 14 of the GDPR, a fine of €75 million."