Facebook subsidiary and social media biggie WhatsApp has been slammed with what happens to be the second biggest fine issued by the EU under the GDPR. The fine, which stands at €225 million ($267 million) has been brought upon the green-colored app by the Data Protection Commission (DPC), the regulatory watchdog in Ireland, in a ruling which has been summed up in a voluminous 89-page PDF.
Interestingly, this comes even after Max Schrems, a long-term critic of the privacy policy at Facebook, had filed four separate complaints about the ‘take it or leave it’ stance that social media giants like Facebook, WhatsApp, and Instagram, and Google’s Android, take when it comes to collecting user data.
WhatsApp Failed To Provide Heads Up To Users About Data Collection
According to the verdict, WhatsApp did not inform citizens in the European Union about how it handled their personal data, including sharing the same with its parent firm. One may recall that WhatsApp has been running into quite a bit of trouble with multiple regulatory agencies across the world, ever since it unveiled its controversial plans for a new privacy policy earlier this year.
Under the General Data Protection Regulation (GDPR) of the EU, the social media platform has reportedly been directed to make changes to its privacy policy, so as to alter the way in which it notifies users about sharing their data with third parties. It remains one of the first companies to get on the EU’s bad side after the GDPR came into force in 2018.
The company is currently planning to appeal the decision, says a spokesperson. Claiming that the information provided by them is as “transparent and comprehensive” as can be, the spokesperson has added that apart from disagreeing with the the ruling, they believe the penalties to be “entirely disproportionate.”
The fine has been levied following an investigation that was first launched by the DPC in 2018, and comes in second only to the $887 million fine issued by under the Regulation to online retail giant Amazon, earlier this year.
A Unified Umbrella For Separate Members
This comes as the latest incident when the GDPR’s clause pertaining to the collective enforcement of the data rights of individual users. The clause is believed to have the potential to bolster the implementation of the laws regarding user information, by allowing not-for-profit organizations to file complaints on behalf of individuals.
At the same time though, Member States can choose to divert or derogate from the collective redress provision issued by the GDPR, essentially allowing for autonomy in decision making.
