Irish data watchdog clashes with regulators over proposed WhatsApp fine

Helen Dixon’s European counterparts argue proposed fine of up to €50m is too small

Data Protection Commissioner Helen Dixon will soon enter talks with  counterparts over WhatsApp’s breaches of GDPR. Photograph: Dado Ruvic/Reuters

Data Protection Commissioner Helen Dixon will soon enter talks with counterparts over WhatsApp’s breaches of GDPR. Photograph: Dado Ruvic/Reuters

Your Web Browser may be out of date. If you are using Internet Explorer 9, 10 or 11 our Audio player will not work properly.
For a better experience use Google Chrome, Firefox or Microsoft Edge.

 

The Data Protection Commissioner has clashed with several of her European counterparts after they objected to her proposal to impose a fine of up to €50 million on WhatsApp for violating privacy laws.

The row between Helen Dixon and regulators in other countries is the second dispute over a major privacy case since she took on pan-EU powers to investigate data breaches by big technology firms based in Ireland, whose websites and apps are used by hundreds of millions in Europe.

A similar dispute arose last year before Ms Dixon fined Twitter €450,000, which was the first cross-border fine under Europe’s General Data Protection Regulation (GDPR) regime.

Ms Dixon will soon enter talks with counterparts over WhatsApp’s breaches of GDPR, which came into force in 2018 and was billed as a game changer in the drive to control private data use by businesses.

WhatsApp is a messaging service owned by Facebook, which has its European headquarters in Dublin. Some European regulators argue that Ms Dixon’s proposed fine of between €30 million and €50 million on WhatsApp would be too small.

Dispute

Companies Office filings show that WhatsApp’s Irish unit set aside €77.5 million in 2019 to meet the potential cost of fines arising from Ms Dixon’s investigations, saying fines could be between €35 million and €105 million.

The objectors to Ms Dixon’s draft decision on WhatsApp include the German regulator, who criticised her privacy investigations in a letter circulated to members of a European Parliament committee in March.

The commissioner’s spokesman declined to comment on the WhatsApp fine or the objections, but acknowledged that a dispute remains unresolved.

“We shared our draft decision with all the other EU data protection authorities in accordance with the provisions of article 60 of the GDPR. We received a number of objections,” he said.

“We spent some time trying to resolve those objections but haven’t been able to resolve all of the objections. We have informed the European Data Protection Board that we will be triggering article 65 of the GDPR, which is the dispute resolution mechanism.”

Criticised

The European board, which oversees how the GDPR is applied, comprises national data regulators in member states.

The case is the second of several closely-watched cross-border investigations by the Irish data watchdog, who has been criticised by privacy campaigners for long delays in big privacy cases.

Others under investigation include Facebook and its subsidiary Instagram, Apple, LinkedIn, Google and Verizon.

At an Oireachtas committee last week, Ms Dixon rejected claims that her office was refusing to regulate big tech or was incapable of doing so. She accused critics of “superficial skimming of the surface” and “exaggeration”.

News Digests

Stay on top of the latest newsSIGN UP HERE