WhatsApp fined record €225 million for violating EU privacy rules over how it shares user data with other Facebook companies

WhatsApp has been fined a record €225m (£193m) after it was found to have breached EU data protection rules.

Investigation led by Ireland Privacy the supervisory authority found that the company had violated strict regulations regarding the disclosure of personal data to other companies, including those owned by the parent company Facebook.

The Data Protection Commission said on Thursday it was also issuing orders WhatsApp to take ‘remedial action’ to ensure that data processing complies with EU rules.

WhatsApp said the fine was disproportionate and that it would appeal the decision.

The statement ends an investigation into the messaging service, which opened in December 2018 after EU law known as the General Data Protection Regulation (GDPR) came into force.

The fine is the second highest ever imposed under GDPR and the largest ever imposed by the commission in Ireland, after a €400,000 fine imposed on Twitter for a security breach.

The commission said the case against WhatsApp looked at whether Facebook had complied with GDPR requirements to maintain transparency for both users and those who did not use its services.

This includes how personal data is processed between WhatsApp and other Facebook companies.

The Irish supervisory authority serves as the main regulator on cross-border data protection issues in the EU, as many large technology companies have their European headquarters in Dublin.

Following the ruling, WhatsApp said in a statement that it was “committed to providing a secure and private service.”

“We have worked to ensure that the information we provide is transparent and comprehensive and will continue to do so,” the statement reads.

“We disagree with today’s decision regarding the transparency we provided to citizens in 2018, and the penalties are completely disproportionate.”