On Thursday, Ireland’s Data Protection Commission (DPC) imposed a new fine of €5.5 million on Meta’s WhatsApp for violating data protection laws when processing users’ personal information.
At the heart of the ruling is an update to the messaging platform’s terms of service, which came into effect in the days leading up to the General Data Protection Regulation (GDPR) coming into force in May 2018. If you do not continue to use the service, you risk losing access.
The complaint, filed by privacy nonprofit NOYB, alleges that WhatsApp by forcing users to “consent to the processing of their personal data for the improvement and security of the service” would “provide users with their consent to the accessibility of the service.” on the condition that the We have updated our Terms of Service. “
“WhatsApp Ireland has no right to rely on contractual legal grounds to provide service improvements and security,” the DPC said in a statement, adding that the data collected thus far violates the GDPR. rice field.
Apart from the fine, the messaging application was ordered to comply with operations within six months. It’s worth noting that Meta has its European headquarters in Dublin.
However, the DPC said it has no plans to investigate whether WhatsApp processes user metadata for advertising, saying it is “free and speculative.” In response, NOYB criticized the authorities for their refusal to respond.
“WhatsApp says it’s encrypted, but that only applies to chat content, not metadata,” NOYB’s Max Schrems said. You still know where you chat the most, which gives Meta a very good understanding of the social fabric around you.”
“Meta uses this information to target ads that your friends are already interested in, for example,” added Schrems. The DPC appears to have simply refused to make a decision on the matter, despite four and a half years of investigation. “
WhatsApp was particularly hit in early 2021 when it announced a similar update to its privacy policy requiring users to agree to changes in order to continue using the service.
“In particular, WhatsApp will indicate how it intends to notify future updates to its Terms of Service, making it easy for consumers to understand the implications of such updates and freeing them to continue using WhatsApp thereafter. We encourage you to do so in a way that allows you to determine these updates,” the committee said in June 2022.
Moreover, WhatsApp was previously under scrutiny for a U-turn on its data-sharing practices regarding ad targeting with parent company Meta (then Facebook). In 2017, the EU fined the social media giant €110 million for “providing inaccurate or misleading information” during a merger investigation.
The latest penalties come two weeks after the DPC fined Meta 390 million euros for handling user data to serve personalized ads on Facebook and Instagram, and banned personal data for behavioral advertising. has been given three months to find a valid legal basis for processing.
In a letter to the European Data Protection Board (EDPB), NOYB said the watchdog “turned a blind eye to the revenues derived from GDPR violations when calculating the fine” and said that “due to the DPC’s ruse, Meta was almost saved.” 4 billion euros”
