[TheRecord] WhatsApp hit with giant €225 million (~$267M) million GDPR fine

Ireland’s data protection agency has announced today a €225 million ($267 million) fine against Facebook’s WhatsApp for failing to comply with the European Union’s General Data Protection Regulation (GDPR).

The fine represents the second-largest GDPR penalty after Amazon was fined €746 million ($887 million) in Luxembourg at the end of July.

According to the Irish Data Protection Commission (DPC), WhatsApp was fined for failing to properly inform users how their WhatsApp data would be used by Facebook, the app’s parent company.

The investigation into WhatsApp’s GDPR violations began in December 2018 in Ireland, where Facebook’s European headquarters are based.

Following a first investigation, Irish officials wanted to fine WhatsApp €50 million, but the initial fine was vetoed by other data protection agencies part of the European Data Protection Board (EDPB), the EU privacy watchdog, who forced the Irish regulator to assess other GDPR violations, resulting in the larger fine announced today.

The DPC’s subsequent investigation found that WhatsApp broke four GDPR articles:

Article 5(1)(a) of the GDPR, for which it received a fine of €90 million; Article 12 of the GDPR, for which it received a fine of €30 million; Article 13 of the GDPR, for which it received a fine of €30 million; Article 14 of the GDPR, for which it received a fine of €75 million.

See below for a breakdown, per the DPC and EDPB investigation report [PDF]:

In a canned statement, WhatsApp said the fine reflected the status of its service in 2018, not 2021, and planned to appeal.

The post WhatsApp hit with giant €225 million (~$267M) million GDPR fine appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] Resilience: RSA Conference 2021

All posts, Security Week

For many of us, RSA Conference 2020 in San Francisco was the last time we came together as a community, met with colleagues, and saw new technology offerings. It was one of the last global events held in person before the lockdown, and since that time, we’ve had to switch to digital methods for interaction […]

Read More

Daily NCSC-FI news followup 2019-08-10

iNSYNQ Ransom Attack Began With Phishing Email krebsonsecurity.com/2019/08/insynq-ransom-attack-began-with-phishing-email/ A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQs […]

Read More

Daily NCSC-FI news followup 2020-11-13

Sote-alalla on huolta siitä, miten pienet yritykset kestävät tietoturvan parantamisen kustannukset — valtiolta toivotaan tukea yle.fi/uutiset/3-11646290 Hanna-Maija Kause sanoo, että tietoturvajärjestelmiin fokusoimisen lisäksi vähintään yhtä tärkeää on kehittää tietoturvakulttuuria. “Se tarkoittaa sitä, että tarvitaan enemmän koulutusta turvallisista tietosuojakäytännöistä ja tietosuojakulttuurista, joka kaikissa organisaatioissa on.” Australian government warns of possible ransomware attacks on health sector www.zdnet.com/article/australian-government-warns-of-possible-ransomware-attacks-on-health-sector/#ftag=RSSbaffb68 […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.