The Irish Data Protection Commission has just imposed the largest fine in its history, and the victim has been WhatsApp. It is the second highest fine according to the rules of the EU GDPR.
It has been Ireland because Facebook, owner of WhatsApp, has its European headquarters there, so it is the Irish regulator in charge of carrying out these tasks.
The fine is the conclusion of an investigation which started in 2018 and which sought to verify whether WhatsApp had been sufficiently transparent about how it treats information. The decision has been made today, and WhatsApp intends to appeal considering the unfair and disproportionate fine.
According to WhatsApp, they have ensured that the information they provide is transparent and complete, and they do not believe that the data collected in 2018 justifies a fine of 225 million euros.
Let us remember that GDPR rules allow fines of up to 4% of the global turnover of the offending company, so it could have been much higher.
The funny thing is that the technical details that justify the fine have not yet been disclosed, although it is possible that they will appear during the appeal. Everything seems to indicate that they will have to give information about what they do with the data obtained from people who do not use WhatsApp.