Security News > 2023 > January > WhatsApp fined €5.5 million by Irish DPC for GDPR violation
The Irish Data Protection Commission has fined WhatsApp Ireland €5.5 million after confirming that the messaging service violated the General Data Protection Regulation.
On May 25, 2018, the DPC initiated an inquiry into a potential violation of the regulation by WhatsApp following a complaint from a German data subject.
WhatsApp Ireland did not clearly outline the legal basis or the explicit reasons for the requested user data processing, which violates Articles 12 and 13 of the GDPR. WhatsApp Ireland has not violated Article 7 due to forced consent because the service did not rely on user consent for delivering its service or using it as a lawful basis for processing personal user data.
The first point will not incur additional penalties because the DPC has already served hefty fines to WhatsApp for the same reasons.
The fine of €5.5 million on WhatsApp Ireland is imposed due to a violation of Article 6 of the GDPR on "Lawfulness of processing," which requires transparency, lawfulness, and fairness in data protection processes.
The DPC will launch a new investigation covering all of WhatsApp's processing operations in its service to determine if there are violations of Article 9 of the GDPR on "Processing of special categories of personal data."