WhatsApp GDPR violation costs €5.5 million, penalized by Irish DPC

WhatsApp has been fined €5.5 million by the Irish Data Protection Commission (DPC) for violating the GDPR and has been given a time frame of six months to fix their non-compliance. Failing to comply by then, more fines will be issued for the social media giant.

The non-compliance compliant was made by a German data subject. The compliant was received on the same day when WhatsApp updated its Terms of Service and requested EU users to agree to the same.

WhatsApp GDPR violation for ignoring user consents

WhatsApp forced EU users to accept the new Terms of Service changes instead of giving them an option to deny it. Its more like saying its optional, but just giving one choice to choose from, nothing new from Meta just the repetitive ignorance to user consents.

As per GDPR norms and regulations, WhatsApp GDPR violation has been due to the breach of Article 7 recital 32 of GDPR. In that article, it is required to get user consent which must be free of choice, with specific, informed and unambiguous basis, with zero pressure or influence.

After proper investigation, the Irish DPC mentioned that WhatsApp didn’t disclose clear information for the requested user data processing, breaching article 12 and 13 of the GDPR.

“The DPC, having already imposed a very substantial fine of €225 million on WhatsApp Ireland for breaches of this and other transparency obligations over the same period of time, did not propose the imposition of any further fine or corrective measures, having done so already in a previous inquiry,” reads the rationale of the decision.

WhatsApp’s GDPR violation will be double-checked by Germany

It is to be noted that even the German Supervisory Authority will review the case and investigate things further on WhatsApp GDPR violation.

The fine imposed by Irish DPC, which is €5.5 million is mainly because of the violation of Article 6 of the GDPR for unlawful processing with no fairness in data processing.

In addition to this fine, the Irish DPC will initiate new investigation, scrutinizing WhatsApp’s data processing operations seeing if there are GDPR Violations as per Article 9.

The motive is to see if WhatsApp manipulates collected data for advertising and marketing purposes, and if the same is being shared with an external entity for targeted promotions.

However, WhatsApp claims it is innocent and hasn’t breached GDPR compliance, and will go for appealing the IDC decision.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.