Ireland’s Data Protection Commission has slapped WhatsApp with a €5.5 million fine over GDPR breaches after a German user lodged a complaint. The latest fine to hit Meta comes just a few weeks after the same body, the DPC, slapped the firm with a much larger €390 million fine.
The regulator said that WhatsApp Ireland has to bring its processing in line with GDPR rules within six months if it doesn’t want to face further sanctions. According to the complainant, WhatsApp forced users into agreeing to data processing if they wanted to continue using the services, the complainant argued this was a breach of GDPR as users should have a choice about the data which is processed.
To arrive at its January 12 decision, the DPC did have to go to the European Data Protection Board (EDPB) to resolve some disagreements with Concerned Supervisory Authorities (CSA) that it had to consult with throughout the process. The EDPB said the DPC has to hit Meta with the multimillion euro fine and that the DPC should launch a fresh investigation into Meta regarding the following:
“WhatsApp IE’s processing operations in its service in order to determine if it processes special categories of personal data (Article 9 GDPR), processes data for the purposes of behavioural advertising, for marketing purposes, as well as for the provision of metrics to third parties and the exchange of data with affiliated companies for the purposes of service improvements, and in order to determine if it complies with the relevant obligations under the GDPR.”
According to The Independent, Meta will not accept their fine without a fight and plans to appeal against the decision.