225 million euros. This is the amount the Irish CNIL is inflicting on WhatsApp for GDPR breaches. The regulator was considering a more modest sentence, but its counterparts in Europe pushed it to strike hard.
For months, the hypothesis of a record fine imposed in Europe on WhatsApp had been in the air. At the beginning of the year, sources familiar with the matter mentioned to Politico a sanction of up to 30 or even 50 million euros. In the end, neither of these two amounts was retained. The courier was indeed sanctioned, but with a much more severe penalty: 225 million euros.
The verdict fell on September 2, 2021 from the Irish Data Protection Authority (DPC – Data Protection Commission), the local equivalent of the National Commission for Informatics and Freedoms (Cnil). It is the DPC which was in the front line on this file, because it is in Ireland that Facebook, the parent company of WhatsApp, steers its activities within the European Union.
In this regard, breaches of the General Data Protection Regulation (GDPR) are at the heart of the case, which started in December 2018. More precisely, it is a lack of transparency regarding the sharing of data. data between the American social network and its instant messaging – acquired in 2014 for the astronomical sum of 22 billion dollars – which is in question.
The DPC therefore, in addition to the particularly high fine, called for the implementation of ” specific corrective measures ”So that computer processing between WhatsApp and Facebook gets in the nails. On the other hand, the DPC has also imposed blame on instant messaging – a relatively uncommon disapproval, which is usually seen in disciplinary cases.
The European CNILs pleaded for a heavy fine
This is not the only peculiarity of the case: if the financial penalty reaches 225 million euros, it is because other data protection authorities in Europe have forced the hand of the DPC, the latter having considered at departure with a less consequent sanction. At the end of July 2021, the European Data Protection Board adopted a binding resolution to this effect.
” This decision contained a clear instruction that requested the DPC to reassess and increase its proposed fine based on a number of factors contained in the Committee’s decision and, following this reassessment, the DPC imposed a fine of 225 million euros to WhatsApp “, Admits the Irish CNIL in its press release.
A judicial development is nevertheless to be expected, because WhatsApp has indicated its intention to appeal the decision rendered by the DPC. The application unsurprisingly disputes the conclusions of the regulatory authority, believing it to offer transparent and intelligible information to the public, and also rejects the amount of the penalty, deemed disproportionate.