Facebook Inc.’s messaging app i.e. WhatsApp Ireland Ltd. was ordered to pay €225 million for privacy breach; the sanction was imposed on account of failure to be transparent about its handling of personal information. It is the most talked about news and case and is gaining international attention as it is the first under beefed up European Data Protection Laws.
The Irish Data Protection Commission received pressure from EU Privacy watchdog in order to raise the penalty for WhatsApp’s privacy breaches and subsequently the fine was raised and it created a history in the privacy world. Although when we compare this sanction to the Luxembourg Privacy Agency which sanctioned Amazon for 886.6 million euro fine then definitely it would be second in place.
The Data Protection Commission (DPC) is the national authority/ Irish supervisory authority for the GDPR and also performs functions under and empowered to other regulatory frameworks including the Irish ePrivacy Regulations (2011) and the EU directive known as the Law Enforcement Directive.
The DPCs investigation commenced on 10th December 2018 and after a lengthy and comprehensive investigation, DPC submitted a draft decision to Concerned Supervisory Authorities (CSAs) under article 60 of GDPR and on which DPC received objections from 8 CSAs and triggered the dispute resolution process under article 65 GDPR on 3rd June 2021.
Thereafter, on 28th July 2021, the European Data Protection Board (EDPB) adopted a binding decision (please download here- https://edpb.europa.eu/system/files/2021-09/edpb_bindingdecision_202101_ie_sa_whatsapp_redacted_en.pdf) and this decision was notified to the DPC. The decision contained clear instruction to raise or reassess its proposed fine on the basis of a number of factors contained in the said decision and following the reassessment fine was decided to be 225 million Euro.
Now the question comes which breach was committed by WhatsApp?
The DPC had to decide/examine whether WhatsApp has discharged its GDPR transparency obligation with regard to the provision of information and the transparency of that information to users and non-users of WhatsApp services. In other words, whether WhatsApp conformed in 2018 with EU data rules about transparency?
However, WhatsApp has shown its disappointment and said that the fine is entirely disproportionate and they will appeal against it.
Refences-
The Economic Times
https://www.dataprotection.ie/
https://edpb.europa.eu/edpb_en
Picture Credit- https://www.dailymail.co.uk/