The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta’s WhatsApp for violating data protection laws when processing users’ personal information.
At the heart of the ruling is an update to the messaging platform’s Terms of Service that was imposed in the days leading to the enforcement of the General Data Protection Regulation (GDPR) in May 2018, requiring that users agree to the revised terms in order to continue using the service or risk losing access.
The complaint, filed by privacy non-profit NOYB, alleged that WhatsApp breached the regulation by compelling its users to “consent to the processing of their personal data for service improvement and security” by “making the accessibility of its services conditional on users accepting the updated Terms of Service.”
“WhatsApp Ireland is not entitled to rely on the contract legal basis for the delivery of service improvement and security,” the DPC said in a statement, adding the data collected so far amounts to a contravention of GDPR.
Aside from the fine, the messaging application has also been ordered to bring its operations into compliance within a period of six months. It’s worth noting that Meta has its European headquarters in Dublin.
images from Hacker News