Making its largest ever EU GDPR fine, the Irish Data protection Commission (“IDPC”) has fined WhatsApp €225m (£193m) for breaching the rules around being transparent enough in providing information on how data was processed, and whether its privacy notices were sufficiently clear.
Strangely, the original fine suggested was around €40 million, but the European Data Protection Board (who oversee EU GDPR) told IDPC to increase it.
Naturally, WhatsApp says that they are committed to providing a secure service, and they intend to appeal the ruling.
This is the second-highest ever GDPR fine, only topped by Luxembourg’s regulator fining Amazon €476 million earlier this year, which Amazon said was without merit and again would be strongly defended.
Perhaps this is an indication of how GDPR does hold organisations to account, and why strong data protection regulations are important to us all.