Meta, the parent company of WhatsApp, has been fined €5.5m by the Data Privacy Commissioner (DPC) in Ireland for the way it uses user data for service improvements in its messaging platform. This fine is an additional breach of the European Union’s privacy laws, following similar orders issued by the regulator to Meta for its other platforms, Facebook and Instagram.
According to Tech Monitor, the fine comes amid increasing disagreement between the Irish regulator and its European counterparts. Meta plans to dispute the fine, claiming that its practices are legal and compliant with GDPR. However, the company has been ordered to reassess how it targets advertising through the use of personal data and to further examine the legal basis behind the techniques it uses.
WhatsApp disputes the claims and says it will appeal, believing that the way its services operate is technically and legally compliant with EU privacy laws.
As part of the action from DPC, WhatsApp has also been ordered to ensure its data processing operations are fully compliant with Europe’s General Data Protection Regulation (GDPR) within six months or face further action.
Ireland’s data watchdog acts as the lead EU regulator for Big Tech companies due to the number of them which have their EU headquarters in the country. The regulator described the penalty as “administrative” and is low in comparison to some other recent sanctions against Meta and its services.
The fine was the result of a complaint from a user over the way WhatsApp asked them to agree to accept updated terms of service when GDPR first came into effect in May 2018.
It informed users that if they wanted to use the app, they had no choice but to agree to the updated terms. This, they argued, amounted to WhatsApp forcing them to consent to their personal data being processed for service improvement and security, which runs counter to GDPR.