Facebook’s WhatsApp was fined a record $266 million by the Irish data protection regulator on Thursday after pressure from the EU privacy watchdog to raise the penalty for the company’s breaches.
WhatsApp said the fine was too high and that it would appeal. The Irish fine is significantly less than the 886.6 million euro fine handed to Amazon by the Luxembourg privacy watchdog.
Austrian privacy campaigner Max Schrems, who has taken on Facebook in privacy cases, said the initial fine proposed was 50 million euros. Ireland’s Data Privacy Commissioner, the lead data privacy regulator for Facebook in the EU, said the issues related to whether or not WhatsApp conformed in 2018 with EU data rules about transparency.
Complaints of disproportionate punishment
The Irish regulator said in a statement that the inquiry looked into the information provided to data subjects about the processing of information between WhatsApp and other Facebook subsidiaries/companies.
A WhatsApp spokesperson said in a statement that the issues related to policies used in 2018 and that the company gave the information it was asked to provide.
The spokesperson added that WhatsApp disagrees with the decision regarding the transparency provided to people in 2018 and the penalty meted out, calling it disproportionate.
An Irish watchdog without teeth
The European Data Protection Board said it gave several pointers to the Irish Agency in July to address criticism from its peers that it was taking too long to decide in cases involving tech giants and giving them a pass on cases involving breaches.
It said a WhatsApp fine should take into account Facebook’s turnover and that the company should be given three months instead of half a year to comply with the decision made.
The GDPR rules are finally showing they can be useful even if the lead regulator is dropping the ball.