Security News > 2023 > January > Ireland’s privacy watchdog fines WhatsApp €5.5 million
Ireland's data protection authority has fined WhatsApp Ireland €5.5 million for breaches of the GDPR relating to its service and told it comply with data processing laws within six months.
Why Ireland? The Irish Data Protection Commissioner is the head regulator for several of the US tech giants, and this is because they have sited their operations in the European Union member state - with its Silicon Valley friendly 12.5 percent corporate tax rate.
The complainant claimed WhatsApp was seeking to rely on consent to provide a lawful basis for its processing of users' data and that, by making the accessibility of its services conditional on users accepting the updated Terms of Service, the company was "Forcing" the users to consent to such processing, in breach of the GDPR. The fine meted out to the Meta-owned company resulted from a drawn-out process between Ireland's data protection authorities and various EU data protection bodies.
Finally, the European Data Protection Board ruled, mostly with the DPC original decision.
Taking the EDPB view into account, the DPC ruled that WhatsApp is not entitled to rely on the contract legal basis for the delivery of service improvement and security for the WhatsApp service and that its processing of this data to-date, in purported reliance on the contract legal basis, amounts to a contravention of the GDPR. The fine may be chicken feed to WhatsApp's owner, Meta, which also own that prime social media real estate Facebook.
It shows European data protection authorities' continuing ferocity in pursuing data protection action.