On Thursday, Ireland’s Data Protection Commission (DPC) imposed a new fine of €5.5 million on Meta’s WhatsApp for violating data protection laws when processing users’ personal information.
At the center of the ruling is the updates to the messaging platform’s terms of service, imposed in the days leading up to the enforcement of the General Data Protection Regulation (GDPR), in May 2018, users must agree to the revised terms in order to continue using the service, or they risk losing access.
The complaint, filed by privacy nonprofit NOYB, alleges that WhatsApp by forcing users to “consent to the processing of their personal data for the improvement and security of the service” would “provide users with their consent to the accessibility of the service.” on the condition that the We have updated our Terms of Service. “
“WhatsApp Ireland has no right to rely on contractual legal grounds to improve its services and provide security,” the DPC said. Said The statement states that adding the data collected so far would violate the GDPR.
Apart from the fine, the messaging application was ordered to comply with operations within six months. It’s worth noting that Meta has its European headquarters in Dublin.
However, the DPC said it has no plans to investigate whether WhatsApp processes user metadata for advertising, saying it is “free and speculative.” In response, NOYB criticized the authorities for their refusal to respond.
“WhatsApp says it’s encrypted, but that only applies to chat content, not metadata,” NOYB’s Max Schrems said. Said“WhatsApp still knows who and when you chat the most, which gives Meta a very good understanding of the social fabric around you.”
“Meta uses this information to target ads that your friends are already interested in, for example,” added Schrems. The DPC appears to have simply refused to make a decision on the matter, despite four and a half years of investigation. “
“In particular, WhatsApp will be free to indicate how it intends to notify future updates to its Terms of Service and to make it easier for consumers to understand the implications of such updates and subsequently wish to continue using WhatsApp. We recommend that you do so in a way that allows you to decide on these updates,” the Committee Said June 2022.
What’s more, WhatsApp was previously under scrutiny for a U-turn on its data-sharing practices for ad targeting with parent company Meta (then Facebook). In 2017, the EU fined The social media giant has been fined €110 million for “providing inaccurate or misleading information” during an investigation into its merger following its 2014 WhatsApp acquisition.
The latest penalties come two weeks after the DPC fined Meta 390 million euros for handling user data to serve personalized ads on Facebook and Instagram, and banned personal data for behavioral advertising. has been given three months to find a valid legal basis for processing.
NOYB is written Speaking to the European Data Protection Board (EDPB), the watchdog “turned a blind eye to the revenues derived from GDPR violations when calculating the fine”, adding that “the DPC’s ruse has allowed Meta to lose about 40 We have saved billions of euros,” he said.