On Thursday, Ireland’s Data Privacy Commissioner (DPC), its lead EU privacy regulator fined Meta’s WhatsApp subsidiary for 5.5 million euros ($5.95 million)
for an additional breach of the bloc’s privacy laws.
WhatsApp was also told by the DPC to reassess how it uses personal data for service improvements following a similar order that was issued earlier in this month to Meta’s other main platforms, Facebook and Instagram, which said that Meta must review the legal basis upon which it points advertising through the use of personal data.
A WhatsApp spokesperso said that it intended to appeal the decision, and that it vehemently believed that the way its service operates is both technically and legally compliant.
The Irish antitrust watchdog, which is the lead EU regulator for many of the world’s top technology companies due to the location of their European headquarters in Ireland, directed WhatsApp to bring its processing operations into compliance within six months.
On Thursday, the commission levied a fine on WhatsApp worth 225 million euros in September 2021 for breaches that occurred in May 2018, the same period of time as the complaint dealt with. WhatsApp is in the process of appealing that fine through the Irish courts.
The antitrust regulator has fined Meta 1.3 billion euros to date and has 10 other inquiries open into its services.
The penalty follows a much larger 390-million-euro fine for Meta’s Instagram and Facebook platforms two weeks ago after they were found to have scorned the same EU rules.
In its new decision, the Irish Data Protection Commission (DPC) found the group acted “in breach of its obligations in relation to transparency,” the watchdog said in a statement.
Moreover, Meta relied on an incorrect legal basis “for its processing of personal data for the purposes of service improvement and security,” the DPC added, giving the group six months to comply.
The fine was imposed by the Irish regulator because Meta — along with other US tech firms — has its European headquarters in Dublin.
Meta announced its intention to appeal the 4 January decision, adding the regulatory ruling did not prevent targeted or personalised advertising.
The DPC said its more recent fine was considerably less because of a 225 million euro fine imposed on WhatsApp “for breaches of this and other transparency obligations over the same period of time”.
Thursday’s Whatsapp fine was also far lower because it did not relate to targeted advertising.
The Irish regulator had fined Meta 405 million euros in September for failures in handling the data of minors, and 265 million euros in November for not sufficiently protecting users’ data.