NEWS3 September 2021

Irish data regulator fines WhatsApp €225m over privacy

Europe GDPR News North America Privacy Technology

IRELAND – The Data Protection Commission (DPC) has issued WhatsApp with an administrative fine of €225m following an investigation that began in 2018.


The inquiry focused on whether WhatsApp had adhered to GDPR obligations in a previous privacy policy, regarding the transparency of information provided to users and non-users of WhatsApp.

"This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies," the DPC said in a statement.

The authority submitted a draft decision to other concerned supervisory authorities in the European Union in December 2020, and subsequently received objections from eight of the authorities.

In July, the European Data Protection Board (EDPB) instructed the DPC to reassess and increase its original proposed fine.

In addition to the fine, the DPC said it has imposed an order for WhatsApp to "bring its processing into compliance". 

A WhatsApp spokesperson said: "WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision."