The Italian Data Protection Authority (DPA) has fined WhatsApp €5.5 million as a result of violations of the European Union’s General Data Protection Regulation (GDPR).
The fine, which is the first one imposed by the European Union on a social media giant such as WhatsApp, was issued in response to a November 2020 complaint by the Italian consumer group NUOVE FRONTIERE.
The Italian DPA found that the Facebook-owned WhatsApp had breached the GDPR by “intentionally interfering with user privacy” through changes to its terms of service made without sufficient notice or clear consent from users.
WhatsApp was also found to have allowed access to user contacts from other applications without users’ clear consent, and to have stored user data without sufficient protection and security measures.
The fine comes as a warning to other social media companies that the EU will take corrective action in cases of data protection violations.
The EU’s GDPR, which came into force in May 2018, requires companies to inform users of any changes to privacy policies or their use of personal data, and to obtain clear consent from users to make changes. It also requires companies to store data securely and protect user privacy where data is transferred outside of the EU.
The GDPR gives European regulators the right to impose fines on companies that violate EU privacy laws, including up to 4 percent of a company’s annual worldwide turnover, or €20 million (whichever is greater).
The Italian DPA has issued a €5.5 million fine to WhatsApp as a result of these violations, which is well below the potential fines laid out under the GDPR.
Nevertheless, the fine serves as a warning to other social media companies that the EU is ready to take corrective action against violators of its data protection laws.
This Cyber News was published on securityaffairs.com. Publication date: Mon, 23 Jan 2023 08:46:03 +0000