Ireland’s Data Protection Commission (DPC) has issued a significant fine to WhatsApp Ireland, a subsidiary of Facebook-owned Meta, for violating the EU’s General Data Protection Regulation (GDPR) related to its service in the country. The DPC has imposed a fine of €5.5 million ($6 million) on WhatsApp Ireland for breaches of GDPR rules. This fine is a major blow to Meta, which was recently fined 390 million euros by the DPC when its other subsidiaries, Instagram and Facebook, were found to be in violation of GDPR rules.
The Data Protection Commission (DPC) has found WhatsApp Ireland guilty of “breaching its obligations in relation to transparency” in an investigation into a complaint made in 2018 by a German user.
The complaint alleged that WhatsApp’s new rules, which required users to accept updated ‘contract’ terms in order to access their services following the implementation of GDPR, were in violation of GDPR as it forced users to agree to data processing in order to continue using the service.
The DPC found that WhatsApp Ireland did not have a lawful basis for its processing of personal data and gave them six months to bring their operations in line with GDPR rules or face further action. WhatsApp plans to appeal the decision.