The draft penalty would be one of the largest under the European Union’s data protection rules.
-owned messaging app WhatsApp could be fined up to €50 million over violations of the European Union's data protection rules, according to three people with direct knowledge of the procedure who spoke with POLITICO.
The preliminary penalty — the figure is now under consultation with the bloc's other data protection agencies — would be one of the largest-ever fines under the EU's General Data Protection Regulation, a set of privacy rules that came into force in 2018.
As part of Ireland's draft findings, the internet messenger may face a fine of between €30 million and €50 million for not living up to transparency requirements under Europe's privacy regime. Whatsapp could also be required to change how it handles its users' data, as the case relates to how the messenger may have failed to properly inform its EU users about how it would share their data with Facebook
France's privacy authority has fined Google €50 million for separate privacy violations, while Ireland's Data Protection Commission, which has regulatory authority over Facebook
, recently issued a €450,000 penalty against Twitter. That represented its first levy against any Silicon Valley company, many of which fall under Dublin's jurisdiction because these firms are legally domiciled in Ireland, mostly for tax reasons.
The multi-million euro draft WhatsApp fine is an initial proposal from Dublin, and has been opened up to other European data protection agencies for their feedback. A final decision on how big the fine should be — and what other remedies WhatsApp should agree to — is not expected until later in the year.
A spokesman for Ireland's Data Protection Commissioner declined to comment. A spokesman for WhatsApp said the company was awaiting the final privacy decision.
In November, Facebook
earmarked €77.5 million for a likely privacy fine against its messaging service WhatsApp, which, unlike Instagram, is a separate legal entity in Ireland and therefore has its own set of financial records. The Irish data protection agency is conducting a separate investigation into whether WhatsApp can legally share its users' data with Facebook
's other digital services, among other privacy-related concerns.
The draft penalty against WhatsApp, which Ireland submitted to other EU agencies for review just before Christmas, comes as the messenger faces a global backlash over planned updates to its terms and conditions. Those include clarifying to its billions of users how their data is shared more widely with Facebook
's other services.
Those changes will not affect WhatsApp European operations, but people across the bloc and elsewhere still have flocked to rivals like Signal because of privacy fears. On January 15, the messenger said it was delaying the upcoming privacy changes, in part because of the confusion generated by the proposed overhaul.
Johannes Caspar, Hamburg's privacy regulator who filed objections to a previous Irish decision against Twitter, told POLITICO earlier this week that he had not ruled out doing the same in the WhatsApp case.
"WhatsApp has an enormous amount of users," he said. "It must be clear that the consent mechanism they use must be lawful and that consent is informed and freely given by the users."