Jump to content
  • WhatsApp fined €5.5 million by Irish DPC for GDPR violation

    alf9872000

    • 366 views
    • 3 minutes
     Share


    • 366 views
    • 3 minutes

    The Irish Data Protection Commission (DPC) has fined WhatsApp Ireland €5.5 million ($5.95m) after confirming that the messaging service violated the General Data Protection Regulation (GDPR).

     

    The authority has ordered WhatsApp to bring its data processing operations into compliance within six months, or it faces a new fine.

     

    On May 25, 2018, the DPC initiated an inquiry into a potential violation of the regulation by WhatsApp following a complaint from a German data subject.

     

    On that same day, WhatsApp updated its Terms of Service and prompted all EU-based users to accept the changes by clicking to keep accessing the app's main interface.

    Ignored user consent

    The complaint submitted to DPC contended that WhatsApp forced users to accept the changes by making it a condition to continue using the software. Hence, users had to consent to the processing of their personal data just to open the app.

     

    This violates Article 7 recital 32 of the GDPR, which requires that user consent must be given freely, and on a specific, informed, and unambiguous basis, without pressure, influence, or elements that introduce imbalance in the data subject's decision.

     

    Following a comprehensive investigation, the DPC concluded the following:

     

    1. WhatsApp Ireland did not clearly outline the legal basis or the explicit reasons for the requested user data processing, which violates Articles 12 and 13 of the GDPR.
    2. WhatsApp Ireland has not violated Article 7 due to forced consent because the service did not rely on user consent for delivering its service or using it as a lawful basis for processing personal user data.

     

    The first point will not incur additional penalties because the DPC has already served hefty fines to WhatsApp for the same reasons.

     

    "The DPC, having already imposed a very substantial fine of €225 million on WhatsApp Ireland for breaches of this and other transparency obligations over the same period of time, did not propose the imposition of any further fine or corrective measures, having done so already in a previous inquiry," reads the rationale of the decision.

     

    As for the second point, DPC's rejection of the German data subject's allegations doesn't end the case, as the German Supervisory Authority will now also review the complaint.

     

    The fine of €5.5 million on WhatsApp Ireland is imposed due to a violation of Article 6 of the GDPR on "lawfulness of processing," which requires transparency, lawfulness, and fairness in data protection processes.

     

    Additionally, the DPC will launch a new investigation covering all of WhatsApp's processing operations in its service to determine if there are violations of Article 9 of the GDPR on "processing of special categories of personal data."

     

    The data protection agency wants to determine whether WhatsApp collects and processes sensitive data for behavioral advertising and marketing purposes and whether this data is also shared with any third parties.

     

    WhatsApp informed BleepingComputer it is planning to appeal the decision, as it believes its service is operating in a legally compliant manner. Below is the full comment received from a WhatsApp spokesperson regarding DPC's decision:

    WhatsApp has led the industry in private messaging by providing end-to-end encryption and layers of privacy that protect people. We strongly believe that the way the service operates is both technically and legally compliant. 

    We rely upon the contractual necessity for service improvement and security purposes because we believe helping keep people safe and offering an innovative product is a fundamental responsibility in operating our service. We disagree with the decision and we intend to appeal.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...