WhatsApp secures permission to challenge €225 million GDPR fine
The company has been granted the power to challenge Ireland’s fine over the way it shares user data
WhatsApp has secured permission in Ireland’s High Court to challenge the Data Protection Commission’s (DPC) decision to fine the company €225 million in August over its lack of transparency in the way it shares user data.
Justice Anthony Barr agreed to grant the Facebook-owned company permission to bring its challenge, and adjourned the matter to next month, as reported by The Journal.
WhatsApp is aiming to quash the DPC’s decision and seek declarations from the court, which include that certain parts of the 2018 Data Protection Act are invalid and unconstitutional and are incompatible with Ireland’s obligations under the European Convention on Human Rights.
The DPC issued WhatsApp with a penalty in August, which was approved by the European Data Protection Board (EDPB), after a two-year investigation which found the company had been unclear in the way it processed and shared data with Facebook, as well as between WhatsApp and other Facebook-owned companies.
The investigation found that the company violated Article 14 of GDPR, which states that data controllers must provide data subjects with sufficient information about the way data is collected and processed.
The top three IT pains of the new reality and how to solve them
Driving more resiliency with unified operations and service management
The DPC’s draft findings from last December outlined the fine should be between €30 million and €50 million before the EDPB issued a binding decision in July with a “clear instruction” for the watchdog to increase its provisional fine. The DPC raised it several times higher, and issued requirements for WhatsApp to take steps to improve its GDPR compliance as well.
In September, campaigners claimed that the DPC was failing to process a surging backlog of hundreds of GDPR cases against big tech firms which was hindering pan-European data protection enforcement as a result. In the three years between May 2018 and May 2021 the data regulator only sent four draft decisions to the EPDB for examination and approval.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The report called the country “the big EU bottleneck” and said EU GDPR enforcement is “paralysed” due to Irenalnd’s failure to deliver draft decisions on cross-border cases.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.