The Data Protection Commission (DPC) has finished the General Data Protection Regulation (GDPR) investigation it conducted on WhatsApp in Ireland that commenced in December 2018. This was to examine whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service.
At the end of the investigation, it has imposed a fine of €225 million on WhatsApp, which is the second largest. WhatsApp said that it disagrees with the decision, and the severity of the fine, and plans to appeal.
In addition to the imposition of an administrative fine, the DPC said that it has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.
In response to the fine, a WhatsApp spokesperson, in a statement, said:
We have worked to ensure the information we provide is transparent and comprehensive, and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.