Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Meta Fined $5.9 Million by Irish Regulators for WhatsApp Data Protection Breach

Share

Social media giant Meta has been fined an additional EUR 5.5 million (roughly Rs. 47.8 crore) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland’s regulator announced Thursday.

The penalty follows a far larger EUR 390 million (roughly Rs. 3,429 crore) fine for Meta’s Instagram and Facebook platforms two weeks ago after they were found to have flouted the same EU rules.

In its new decision, the Irish Data Protection Commission (DPC) found the group acted “in breach of its obligations in relation to transparency,” the watchdog said in a statement.

In addition, Meta relied on an incorrect legal basis “for its processing of personal data for the purposes of service improvement and security,” the DPC added, giving the group six months to comply.

The fine was imposed by the Irish regulator because Meta — along with other US tech firms — has its European headquarters in Dublin.

In response on Thursday, Meta said it was opposed to the DPC decision and would look to overturn it.

“We strongly believe that the way the service operates is both technically and legally compliant,” a WhatsApp spokesperson said.

“We disagree with the decision and we intend to appeal.”

The breaches are similar to those explained in the regulator’s action against Meta earlier in January.

But the earlier decision also accused the Meta platforms of breaking rules over the processing of personal data for the purpose of targeted advertising.

In that instance the company, co-founded by social media magnate Mark Zuckerberg, was given only three months to respond to comply with the Irish regulator.

Meta announced its intention to appeal the 4 January decision, adding the regulatory ruling did not prevent targeted or personalised advertising.

The DPC said its more recent fine was considerably less because of a EUR 225 million (roughly Rs. 1,978 crore) fine imposed on WhatsApp for “for breaches of this and other transparency obligations over the same period of time”.

Thursday’s Whatsapp fine was also far lower because it did not relate to targeted advertising.

The Irish regulator had fined Meta EUR 405 million (roughly Rs. 3,561 crore) in September for failures in handling the data of minors, and EUR 265 million (roughly Rs. 2,330 crore) in November for not sufficiently protecting users’ data.

This latest round of fines follows the adoption of three binding decisions by the European Data Protection Board (EDPB), the EU’s data protection regulator, in early December.

The Vienna-based privacy group NOYB, which brought the three complaints against Meta in 2018, had accused the social media behemoth of reinterpreting consent as a civil law contract, which stopped users from refusing targeted advertising.

In reaction to Thursday’s news, NOYB criticised the “tiny” size of the latest fine — and slammed the DPC for ignoring how WhatsApp shares data within the group for advertising purposes.

“We are astonished how the DPC simply ignores the core of the case after a 4.5-year procedure,” said NOYB founder Max Schrems.

In October 2021, the Irish authority had proposed a draft decision that validated the legal basis used by the group and suggested a fine of up to EUR 36 million (roughly Rs. 316 crore) for Facebook and up to EUR 23 million (roughly Rs. 202 crore) for Instagram, over their lack of transparency.

France’s CNIL regulator and other European bodies disagreed with the draft sanction, which they considered to be far too low.

They asked the EDPB to judge the dispute with the EU data regulator deciding in their favour.

The EDPB has also asked the Irish regulator to investigate Meta’s use of personal data.

However, in its statement, the DPC pushed back saying the EU body does not have the power to “direct an authority to engage in open-ended and speculative investigation”.

The regulator said it will seek to annul the EDPB’s request before the European Union’s Court of Justice.


Affiliate links may be automatically generated – see our ethics statement for details.