WhatsApp has been fined €225 million ($267 million) for violations of the EU’s GDPR.
The GDPR is one of the most comprehensive pieces of privacy legislation in the world, and strictly regulates how companies may process and use customer data. WhatsApp ran afoul of the law as a result of how data is processed between WhatsApp and Facebook’s other companies.
Ireland’s Data Protection Commission (DPC) made the announcement:
On 28 July 2021, the European Data Protection Board (EDPB) adopted a binding decision and this decision was notified to the DPC. This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp.
Although this investigation began in December 2018, data-sharing between WhatsApp and Facebook’s other companies has been an ongoing issues. Most recently, Facebook ignited a firestorm of controversy when it announced it would expand WhatsApp’s data-sharing.