WhatsApp data sharing fine: what does it mean for you?

In early September, WhatsApp was fined €225m by the Irish Data Protection Commission for breaking the EU’s data privacy law by not informing its users how it was sharing their data with its parent company, Facebook.

Why is this significant? Well, this marks one of the largest fines handed out under GDPR (General Data Protection Regulation) guidelines. For a reminder on what GDPR is, check out our explainer post here.

The messaging service ran into trouble after it was found to be storing ‘pseudonymous’ phone data – aka changing the names/details of the contacts – rather than truly anonymising it. It essentially meant that the numbers it was sharing could be tied to specific people.

What did the Irish Data Protection Commission do?

In addition to handing WhatsApp the fine, the Commission ruled that the app should improve its transparency and bring the data sharing in line with GDPR. WhatsApp are looking to appeal the decision – especially after the initial fine, which was suggested to be €50m, was hiked to its current figure following accusations that the Commission was being too lenient.

Is this the biggest GDPR fine to date?

While this is one of the largest fines handed out under GDPR, it’s not the biggest. In July, Amazon was given a record $888m fine following a complaint by French activists, and Twitter picked up a €450m penalty after it failed to report a data leak within 72 hours.

WhatsApp’s fine is part of a picture showing that data commissions are willing to take tech giants to task over lax GDPR compliance.

But what does this mean for me?

WhatsApp say that the issues in question relate to policies in place in 2018, and have since taken steps to resolve the problems. It’s also worth noting that the scope of the enquiry was only limited to transparency obligations under GDPR.

This suggests that users don’t necessarily need to be worried about what this actually means for their data in this instance. We’ve written extensively in previous articles about what to do if they believe their data is caught up in a breach, which you can find out more about here.

If you’re interested in finding out more about your data, why not check out some of our other blogs?