EU Regulators Fine WhatsApp $266 Million for GDPR Violations

On September 2, 2021, EU regulators fined Facebook-owned chat service, WhatsApp, £225 million (around $266 million) for failing to fully disclose its user data collection and sharing practices. This is the second largest fine since EU regulators began enforcing the General Data Protection Regulation in mid-2018.

Ireland’s Data Protection Commission, which leads GDPR enforcement efforts for Facebook due to its European headquarters in Dublin, was the issuing body for this landmark decision. Initially, the Commission had proposed a £50 million fine, but following objections from eight EU watchdogs, a board of all EU regulators voted to increase the fine.

WhatsApp has three months to bring its privacy and user notification policies into compliance with the GDPR. A WhatsApp spokesperson, however, has said the company will appeal the decision. The appeal can be lodged either in Irish courts or directly with the EU’s Court of Justice, since a board representing all EU privacy regulators voted on the decision.

The Robins Kaplan Privacy Pulse blog features privacy and cybersecurity litigation topics including the latest news in cybersecurity law and policy, privacy legislation, and other related cyber topics making headlines.