Yet another GDPR fine for Whatsapp Ireland
Whatsapp Ireland has been hit with a penalty of 5.5 million EUR for failing to have a lawful basis for certain types of personal data processing.
As a result of the GDPR coming into operation in 2018, Whatsapp updated its Terms of Service and informed users that if they wish to continue acessing the app, they would had to accept the terms. Users complained they were”cohersed” into accepting the terms arguing that WhatApp had relied on users agreeing to its terms of service to provide a legal basis for its processing of their data and that the company was forcing them to consent to the processing of their data for service improvement and security.
The Data Protection Commission (DPC) concluded that Whatsapp breached its transparency obligation by not fully disclosing users what processing operations were being carried out on their personal data andhow the processing of the data was going to affect them, point agreed on by the European Data Protection Board. When it came to relying on the contract as a legal basis with the purpose of processing data for service improvement and security, EDPB decided that Whatsapp was not entitled to rely on it with matter being considered a GDPR breach.
WhatsApp Ireland has been directed to bring its data processing operations into compliance within a period of six months. This means that Whatsapp will need to find a way to lawfully process the data.
Written by: Briana Huști