Ireland’s Data Protection Commission levied a $5.9 million fine Thursday against WhatsApp Ireland for repeatedly violating European Union privacy laws. File Photo by Hayoung Jeon/EPA-EFE
Jan. 19 (UPI) -- Ireland's Data Protection Commission levied a $5.9 million fine Thursday against WhatsApp Ireland over breaches of European Union privacy laws.
In its ruling, the DPC contends the messaging app forced users to click "agree and continue" with the Terms of Service in order to use it, and then processed data without their knowledge or consent.
WhatsApp Ireland also has a six-month deadline to bring itself in line with regulations.
The DPC agreed with the complainant that WhatsApp, which is owned by parent company Meta, violated the EU's 2018 General Data Protection Regulation. The GDPR introduced stricter rules for how companies collect and process personal information.
The specific complaint stems from a German data user in May 2018, the same date the new rules came into effect.
"In breach of its obligations in relation to transparency, information in relation to the legal basis relied on by WhatsApp Ireland was not clearly outlined to users, with the result that users had insufficient clarity as to what processing operations were being carried out on their personal data," the DPC said in its written ruling.
The commission called the situation one of "forced consent."
However, the DPC rejected a directive by the European Data Protection Board to open a new, far-reaching investigation into WhatsApp Ireland to see if its personal data-processing practices further contravene EU law, including in other jurisdictions.
The DPC found the larger EDPB's directive overstepped its bounds and set aside that ruling.
The DPC called the directive "problematic in jurisdictional terms, and does not appear consistent with the structure of the cooperation and consistency arrangements laid down by the GDPR."
Earlier this month, the DPC fined WhatsApp and Facebook parent company Meta a total of $414 million for violating GDPR transparency requirements
In September, the Irish regulator slapped WhatsApp Ireland with four fines worth a collective $266 million for similar privacy data collection breaches under the same statute. That fine was a record at the time.