After European regulators requested an increase in fines, Ireland on Thursday imposed a record fine on Facebook’s WhatsApp messaging service for violating EU data privacy laws.
The Irish Data Protection Commission was commissioned to handle the case because Facebook’s European headquarters is located in that country.
“After the reassessment, DPC imposed a fine of 225 million euros (US$267 million) on WhatsApp,” the commission said. This is the largest fine ever imposed on a company, dwarfing the previous fine of 450,000 euros imposed on Twitter. . year.
Since Ireland has the regional headquarters of many major technology companies such as Apple, Google and Twitter, DPC is mainly responsible for overseeing compliance with the EU’s landmark General Data Protection Regulation (GDPR) regulations.
But Ireland is under pressure for not taking a firm enough stand against technology giants, which are generally believed to be attracted by its low corporate tax rate of 12.5%.
WhatsApp said it will appeal the decision.
“We do not agree with today’s decision,” it said in a statement, calling the punishment “completely disproportionate.”
DPC launched a WhatsApp investigation in December 2018 to check whether the messaging app “fulfills its GDPR transparency obligations” and inform users how their data will be processed between WhatsApp and other Facebook companies.
In the preliminary findings submitted to other European regulators for approval in December last year, the DPC proposed to impose a fine of 300 to 50 million euros, but some national regulators rejected this figure, which triggered the launch of dispute resolution procedures in June.
Last month, the European Data Protection Board (EDPB) instructed DPC to increase fines, and German regulators took the lead in calling for an increase in fines.
EDPB stated that the fine must “reflect a serious violation, which affects all WhatsApp processing in Ireland”.
It said that fines must be “effective, dissuasive and proportionate”.
The GDPR is hailed as a powerful weapon to subdue tech giants. It gives national regulators cross-border powers and may impose huge fines on data abuse.
But German data protection commissioner Ulrich Kelber wrote an open letter in March criticizing the DPC’s “extremely slow” way of handling GDPR complaints.