EU regulator fines Meta again; this time for WhatsApp
Meta cannot seem to catch a respite from fines. Two weeks after it imposed a hefty €390 million penalty on the tech giant for violating Europe's privacy laws, the Irish Data Protection Commission (DPC) has fined Meta an additional €5.5 million. Only this time, it is for violating EU data protection regulations with its instant messaging platform WhatsApp.
Why does this story matter?
- Meta is in a tough spot with European privacy regulators. The company's practices related to personal data are being nitpicked to see whether it violates Europe's General Data Protection Regulation (GDPR).
- The tech giant has received a lot of flak for the way it handles personal data to make a profit.
- The different rulings add more pressure to the company's already faltering ad business.
DPC asked WhatsApp to reassess how it uses personal data
In its ruling, the DPC said that WhatsApp acted "in breach of its obligations in relation to transparency." The watchdog asked the company to reassess the way it uses personal data for service improvement and security. DPC said that Meta relied on an incorrect legal basis for the same. The regulator gave the company six months to comply with the ruling.
DPC had issued a similar ruling against Meta's targeted advertising
Against Meta's other main platforms—Facebook and Instagram—the DPC had issued a similar ruling. The watchdog had asked the company to reassess the legal basis for using personal data for targeted advertising. A WhatsApp spokesperson said that the company intends to appeal the decision. "We strongly believe that the way the service operates is both technically and legally compliant," they added.
Fine is less because of the previous €225mn penalty
Compared to the fine imposed on Meta earlier this month, the current fine is much less. The DPC justified that by pointing to the €225 million penalty imposed on WhatsApp in September 2021. Both penalties are for breaches that occurred in May 2018. NYOB, the Vienna-based privacy organization that brought three complaints against Meta in 2018, criticized the magnitude of the new fine.
The DPC previously upheld Meta's justification for collecting personal data
The DPC's decisions against Meta this month are following the adoption of three binding decisions by the European Data Protection Board (EDPB) in December last year. The DPC had previously upheld the legal justification the tech giant uses to collect user data. However, many other European regulators disagreed with DPC's decision, and the matter was then referred to the EDPB.