Enlarge image
WhatsApp logo: The messenger belongs to the social media group Meta
Photo: Andre M. Chang / dpa
The proceedings against WhatsApp have lasted four and a half years, and the Irish data protection authority has now imposed a relatively light fine of 5.5 million euros on the company.
The online platform was accused of having passed on user data to the parent company without sufficient authorization.
It is one of many proceedings against the social media group.
As early as September 2021, WhatsApp was obliged to pay a fine of 225 million euros, and at the beginning of January the data protection authority imposed a fine of 390 million euros on Meta for violations by Facebook and Instagram.
Overall, the group is said to have accumulated fines of 1.3 billion euros in the past ten proceedings.
How must WhatsApp ask for consent?
The core of the dispute is the legal basis on which the group obtains the consent of its users to pass on data, in particular for advertising purposes.
While the Meta made data-driven advertising part of the contract, the General Data Protection Regulation provides for voluntary consent.
This question is central to the Group.
When Apple used technology to force Facebook to clearly ask users for their consent to personalized advertising, the company says its revenue fell by $10 billion in 2022.
Both sides unsatisfied
WhatsApp intends to appeal the decision.
"We firmly believe that the way the service works is both technically and legally compliant," it said in a statement.
The data protection activist Max Schrems, one of the complainants, was disappointed by the amount of the fine and the procedure itself.
He accuses the competent authority of deliberate inaction.
"For years, the data protection officer dragged out the procedure and enabled Meta to circumvent the GDPR," writes the Austrian, who founded the data protection organization Noyb.
Although WhatsApp itself does not display personalized advertising, Schrems fears that the connection data will be passed on to other Meta subsidiaries.
For example, to determine who is friends with whom and to use this information for advertising purposes.
Ireland's handling of the Internet companies based there has repeatedly given cause for criticism.
The European Data Protection Board, in which the supervisory authorities of the other EU countries sit, has repeatedly demanded a stricter approach from the Irish authority.
Most recently, this led to an open conflict in which the Irish authorities questioned the competence of the European partners.
tmk/Reuters/AP
