WhatsApp hit with $267 million GDPR fine for bungling user privacy disclosure

Facebook is appealing the decision.
(Photo by INDRANIL MUKHERJEE/AFP via Getty Images)

Ireland’s Data Protection Commission fined Facebook-owned messenger WhatsApp for $225 million for failing to provide users enough information about the data it shared with other Facebook companies.

The fine is the largest penalty that the Irish regulator has waged since the European Union data protection law, the General Data Protection Regulation, or GDPR, went into effect in 2018.

The watchdog, which kicked off its probe in 2018, ruled that Facebook failed to fully explain what “legitimate interests” the company used personal data for or how that data was processed. In addition to the fine, the ruling requires WhatsApp to take “corrective measures” in order to come into compliance with GDPR.

WhatsApp plans to appeal the fine, according to a spokesperson.


“WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so,” the spokesperson wrote in an email to CyberScoop. “We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

Facebook is also facing a lawsuit from privacy activist Max Schrems under GDPR for its handling of targeted ads. The case was referred to the European Union’s highest court in July for a ruling.

Facebook isn’t the only major technology company to get slapped by the law. France’s data protection watchdog fined Google $57 million in 2019 for making it difficult for new Android users to understand how their data is processed. Luxembourg fined Amazon for a record-breaking $887 million in July for using customer data to manipulate their behavior.

Both Google and Amazon appealed the rulings. Google lost its appeal.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts