Facebook’s WhatsApp Slapped With $265 Million Fine For Violating Personal Data Laws

European Union regulators imposed a $265 million fine on Facebook-owned messaging service WhatsApp on Thursday for failing to adequately inform consumers what it did with their data.

The fine, issued by the Data Protection Commission (DPC), related to WhatsApp’s failure to provide consumers with certain information about how it shared their personal data with other Facebook-owned companies, according to the agency’s announcement. This omission by WhatsApp violated the General Data Protection Regulation (GDPR), the EU’s data protection and privacy law governing how tech companies collect and share user information.

“WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service,” the agency said in the announcement.

One of the GDPR’s provisions states that tech companies, like WhatsApp, that collect personal information must tell users how they intend to use this personal information as well as the legal basis therefor. Regulators found that WhatsApp did not sufficiently abide by its obligations in its own Privacy Policy, in turn violating the GDPR provision.

WhatsApp protested the ruling, claiming it was committed to data privacy and security, and the company pledged to appeal the decision.

“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so,” a WhatsApp spokesperson told the Daily Caller News Foundation. “We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

The fine of $265 million is the second-largest penalty ever for a GDPR violation, according to The Wall Street Journal, and this sum represents almost 1% of Facebook’s 2020 profit.

The DPC’s decision is the latest in a wave of heavy penalties imposed by EU regulators on U.S. tech companies. Amazon received the largest-ever GDPR fine, $887 million, in July over its data processing policies in digital advertising.

Google received a $590 million fine that same month for violating EU copyright law. Google also settled with French competition law authorities for $270 million in June.