On Thursday, Ireland’s Data Protection Commission (DPC) slapped WhatsApp with a record fine of €225 million. In a statement released by the watchdog, the DPC said it had been investigating since December 2018 whether WhatsApp had abided by its “transparency obligations” under the European Union’s General Data Protection Regulation (GDPR).
The statement explained that this “includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.”
As well as a hefty fine, the regulator also gave the messaging service a reprimand, alongside an order for it to bring its data processing into compliance.
WhatsApp, however, has said that it opposes the financial penalty, slamming it as being “entirely disproportionate,” and will launch an appeal.
The DPC has been leading the data privacy probe into Facebook as its European headquarters are in Dublin. The Irish regulator had considered dishing out a much lower fine of up to €50 million, but other watchdogs within the European Union had complained that the sum was too low.
The penalty against WhatsApp is the second-largest GDPR fine to date, as Amazon was hit with a €746 million ($884 million) sanction by authorities in Luxembourg earlier this summer.
Under the European GDPR regulations, companies can be hit with fines of up to €20 million ($23.7 million) or 4% of their total annual global turnover, whichever is higher.