The Irish digital authority announced this Thursday (2) a fine of 225 million euros (about R$ 1.3 billion) against WhatsApp.
The sanction was imposed following an investigation requested in 2018 by the European data protection committee.
Authorities concluded that the application failed to “fulfill its transparency obligations” by informing people about how their information would be used.
According to the decision, WhatsApp did not correctly report how user data is shared between the app and the other companies in the Facebook group, which owns it.
- WhatsApp and Facebook: UNDERSTAND data sharing
- WhatsApp, Telegram and Signal: COMPARE messaging apps
This is the second highest sanction applied in relation to compliance with data protection rules in Europe. The record was a fine on Amazon of 746 million euros (about R$4.5 billion) imposed in July.
The Irish regulator has jurisdiction in the WhatsApp case because Facebook has its European headquarters in this country.
They also asked the company to create notices to people who don’t use the app that their phone numbers can be sent to the company through users’ calendars.
The European bloc’s data protection law, known by the acronym GDPR, has been in force since 2018.
The GDPR allows regulators to fine companies up to 4% of their global revenue. The sanction imposed on WhatsApp represents about 0.8% of Facebook’s profits in 2020.
In a note to the AFP agency, WhatsApp said it will appeal the decision. “We don’t agree with the decision on transparency we provide to people in 2018 and the sanctions are totally disproportionate,” the company wrote.
“WhatsApp is committed to providing a secure and private service. We work to ensure that the information we provide is transparent and complete, and we will continue to do so,” a WhatsApp spokesperson said in a brief statement.
Brazil also has a data protection law, the LGPD, in effect since last September. Its sanctions cannot exceed R$50 million per infraction.
- General Data Protection Law: what changes for citizens? See questions and answers
- Understand the punishments for those who breach the General Data Protection Law
The news generated controversy, reactions from data protection agencies around the world and distrust among users, who started downloading competing applications.
In the face of resistance, the application extended the term so that everyone “had more time to understand the policy”.
The new terms have been in effect around the world since May 15th, but those who have not accepted continue to use the service without restrictions.
The changes were presented on August 31 and are evaluated by the National Data Protection Authority (ANPD), the National Consumer Secretariat (Senacon), the Federal Public Ministry (MPF) and the Administrative Council for Economic Defense (Cade) . The changes have not yet been made public.
Keep an eye! Find out what to do if you are a victim of a scam on WhatsApp:
Whatsapp scams: know how to protect yourself