In recent news WhatsApp was issued a fine of €225m (£193m) from Ireland’s data watchdog, for breaching EU data protection rules. Being the second highest fine under GDPR regulations.
General data protection regulation
General data protection regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. This is under the data protection act (2018). Everyone who is responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
WhatsApp and the GDPR
WhatsApp has been fined in breach of these DPA (2018), Ireland’s privacy watchdog found that the company had broken these regulations, in relation to transparency and the data being shared to other companies owned by the parent company Facebook.
Data protection is the fair and proper use of information about people. It’s part of the fundamental right to privacy – but on a more practical level, it’s really about building trust between people and organisations. It’s about treating people fairly and openly, recognising their right to have control over their own identity and their interactions with others, and striking a balance with the wider interests of society. This is stated by the information commissioner’s office.
This investigation by the Irish regulator has been carried out since 2018, around transparency of WhatsApp and its parent company Facebook. Where they have their EU headquarters based in ireland. The issues involved were highly technical, including whether WhatsApp supplied enough information to users about how their data was processed and if its privacy policies were clear enough.
WhatsApp said it disagrees with the decision, and the severity of the fine, and plans to appeal.
Effects of GDPR
With the GDPR being updated to expand upon processing and controller companies on data protection how will it affect us?
With newer data protection laws it allows us to see how much information and sensitive data can be used and processed, applying new codes of conduct to controllers (people or entities that control your data) and what you as a consumer can do with your data.
With new laws companies must do the following: Clearly state how your information will be used and processed. To clarify what information can and/or will be used and a request for consent must be clearly distinguishable from the terms and conditions. This can be such as pre ticked boxes, these cannot indicate consent. Unless the user has accepted the terms and conditions. Additionally any extra information given for the use of premium or extra features, also cannot be given as consent.
How you can access your data: You can request the company to show you your personal data, that the company has and they must comply within a month. From this you may choose to correct any data about you. But you also have the option of eraser, where the company must delete any personal data about you. Lastly security, the company must inform their national regulator if there is a breach of data.
If companies do not comply they can be fined up to £17.5million or 4% of their total global turnover ~ whichever is higher.