Ireland has issued its highest ever fine for breaches of GDPR privacy regulations — and Europe's second highest — to Facebook-owned WhatsApp.
Messaging service WhatsApp has had its share of security issues, including spyware vulnerability. However, the Irish Data Protection Commission has now fined it primarily over its general privacy policies, and how it allegedly was not sufficiently clear about how users' data would be used.
The $257 million fine is the highest that Ireland has imposed over these issues. It's also the second highest GDPR fine ever imposed by the European Union, exceeded only by Amazon's $887 million in July 2021.
According to BBC News, Facebook's WhatsApp company objects to the fine, and its severity. Just as Amazon is doing, it plans to appeal.
"WhatsApp is committed to providing a secure and private service," a spokesperson told BBC News. "We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so."
"We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate," continued the spokesperson.
As required by GDPR rules, the Irish Data Protection Commission only issued the fine after consultation with other EU countries. Reportedly, eight such countries, including Germany, France, and Italy, objected.
Chief among their disagreements were which specific elements of GPDR had been breached, and also how the fine was calculated. Reportedly, the overall European Data Protection Board told Ireland to "reassess" its findings, and set "a higher fine amount" than the $36 million to $59 million it was planning.