It latest fine to hit Meta, which owns WhatsApp, after the same body, the DPC, slapped the firm with a €390 million fine.
The regulator ordered WhatsApp Ireland to pull its socks up and bring its processing in line with GDPR rules within six months if it doesn’t want to face further sanctions.
The complainant stated that WhatsApp forced users into agreeing to data processing if they wanted to continue using the services, the complainant argued this was a breach of GDPR as users should have a choice about the data which is processed.
To arrive at its January 12 decision, the DPC did have to go to the European Data Protection Board (EDPB) to resolve some disagreements with Concerned Supervisory Authorities (CSA) that it had to consult with throughout the process. The EDPB said the DPC has to hit Meta with the multimillion euro fine and that the DPC should launch a fresh investigation into Meta regarding the following:
“WhatsApp IE’s processing operations in its service in order to determine if it processes special categories of personal data (Article 9 GDPR), processes data for the purposes of behavioural advertising, for marketing purposes, as well as for the provision of metrics to third parties and the exchange of data with affiliated companies for the purposes of service improvements, and in order to determine if it complies with the relevant obligations under the GDPR.”
Meta says that it will appeal against the decision.