WhatsApp fined €225m in second-largest GDPR penalty

WhatsApp has been issued a fine of €225m (£193m) for breaching privacy regulations, in the largest penalty issued by the Irish Data Protection Commission, and the second-largest under EU General Data Protection Regulation rules. The Facebook-owned company is headquartered in Ireland.

The penalty is related to a 2018 investigation into the tech company’s transparency over the way it handles data and its privacy policies.

WhatsApp has said it plans to appeal the fine.

The UK Information Commissioner’s Office famously fined Marriott International Inc £18.4m over a 2014 hack which saw records of 339 million guests stolen by hackers. The reduced fine, announced in November 2020, was a significant reduction from the initial £99.2m fine proposed by the data watchdog during the previous year.

The ICO’s investigation found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by GDPR.

    Share Story:

Recent Stories


Cyber physical risks
Property damage as a consequence of cyber attack is often excluded from standard property policies, but as the industrial internet of things expands, so too do the risks. This podcast examines the evolving threat landscape. Published October 2021

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Advertisement