WhatsApp is the new tech giant to fall on the chopping board of the Data Protection Commission in Ireland just right after Twitter was caught in a data breach that led to a fine worth 450,000 Euros (Approx. Ksh.58M) last year December.
A probe launched in 2018 when the European Union enforced new data Laws has found that WhatsApp has not met the required obligation of informing its users of how their data was being processed. The Facebook-owned company is to pay up a total of 225 million Euros (Approx. Ksh.29 Billion) after the commission’s investigations concluded that they had failed to be as transparent as per the General Data Protection Regulation (GDPR) requirements.
“In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.” Statement from the Data Protection Commission in Ireland.
The first interesting aspect out of this case is that WhatsApp, which has always been rocked with privacy concerns alongside their notorious parent company Facebook, had already set aside a sum of 77.5 million Euros (Approx. Ksh.10 Billion) in anticipation of the fine.
A spokesperson has since come out to defend the company against these claims of breach of data protection, as well as to complain about the penalties imposed.
“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so… we disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision.”
The second interesting is the fact that the pre-calculated sum of 77.5 Million Euros would have worked if EU regulators didn’t criticize an initial reported fine set under 100 million Euros, and appeal to the European Data Protection Board for a raise. These EU regulators claimed that the Irish Data Protection Commission was going too soft on such big tech giants.
“This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225m on WhatsApp.” A spokesperson from Ireland’s Data Protection Commission said.
WhatsApp is preparing to appeal this decision, most likely on the size of the fine, and this can be done on either the Irish High Court or directly to the European Court of Justice.
Fines levied on data breach cases like this go straight to the exchequer of the country imposing them.