On 2 September 2021 the Irish Data Protection Commission (DPC) fined WhatsApp €225 million for failing to comply with its data processing obligations under the General Data Protection Regulation (GDPR) – the second largest fine of this kind.
Notably, the fine handed out by the DPC is more than four times the fine that was first proposed in January, as a result of mounting pressure from other EU data regulators to punish WhatsApp for breaching the GDPR. This suggests that EU regulators are hardening their stance against the "big tech" industry.
Businesses should take note, as fines for breaching the GDPR can reach 4% of their annual turnover. This case highlights the importance of ensuring that privacy policies are up to date and compliant with the GDPR, particularly if data is shared between group entities. Businesses must also consider whether they process any personal data, from both users and non-users, of their services, and if so, should ensure appropriate privacy procedures are in place.
If you require any advice our specialist data protection lawyers would be pleased to assist. Please contact Joanna Boag-Thomson, Partner in the media and technology team, at firstname.lastname@example.org, or your usual Shepherd and Wedderburn contact.