Ireland's WhatsApp penalty highlights EU privacy turmoil

FILE - This Feb. 19, 2014, file photo, shows WhatsApp app icon on a smartphone in New York. Ireland has fined WhatsApp for breaching strict European Union privacy rules by forcing users to consent to allow their personal data to be used to provide service improvements and security. The Data Protection Commission issued a 5.5 million euros ($5.9 million) penalty in the case on Thursday, Jan. 19, 2023. (AP Photo/Patrick Sison, File) (Patrick Sison, Copyright 2016 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistribu)

LONDON – Ireland fined WhatsApp for breaching strict European Union privacy rules in a case that has exposed divisions among EU watchdogs over how to regulate its parent company, Meta.

The chat app was ordered to pay 5.5 million euros ($5.9 million) Thursday by the Data Protection Commission for forcing users to allow personal data to be used to provide “service improvements and security” - but only after some of its European counterparts balked at its initial decision to let the company off.

In a related decision earlier this month that played out in a similar manner, the Irish watchdog hit Meta Platforms Inc. with $390 million in fines for forcing Facebook and Instagram users to agree to personalized ads based on their online activity.

All three cases date back to May 2018, when the 27-country bloc's stringent privacy regulations took force.

The commission, which is Meta's lead European privacy regulator because the company's regional headquarters is in Dublin, originally sided with the Silicon Valley giant. But a slew of other EU data protection watchdogs objected to its draft decisions and the Irish watchdog was forced to overturn them and issue stiffer punishments.

In its final decision on the WhatsApp case, the commission also ordered the company to bring its data processing operations into compliance with EU privacy rules within six months.

WhatsApp said it disagreed with the decision and plans to appeal.

“We strongly believe that the way the service operates is both technically and legally compliant,” it said in a statement.

The Irish watchdog's decision was written in dry technical language but signs of the tension with its EU counterparts were evident in a section near the end, where it said that a board of EU data protection regulators “purported to direct" it to carry out a fresh investigation of all of WhatsApp's data processing operations.

It's not up to the board to “instruct and direct an authority to engage in open-ended and speculative investigation,” the Irish watchdog said, adding it would ask the EU's top court to annul the order because it's “problematic in jurisdictional terms."


This version corrects number of EU member countries to 27 in fourth paragraph.