And while a security breach may indicate sloppy practice, systematic opacity toward people whose data your adtech empire relies upon to turn a fat profit looks rather more intentional indeed, it’s arguably the whole business model.Īnd - at least in Europe - such companies are going to find themselves being forced to be up front about what they’re doing with people’s data. Transparency is a key principle of the regulation. WhatsApp’s first GDPR penalty is, by contrast, considerably larger - reflecting what EU regulators (plural) evidently consider to be a far more serious infringement of the GDPR. Twitter fined ~$550K over a data breach in Ireland’s first major GDPR decision So the DPC will continue to face criticism over both the pace and approach of its GDPR enforcement. The regulator was explicitly not looking into wider complaints - which have also been raised against Facebook’s data-mining empire for well over three years - about the legal basis WhatsApp claims for processing people’s information in the first place. It’s worth emphasizing that the scope of the DPC enquiry which has finally been decided today was limited to only looking at WhatsApp’s transparency obligations. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. WhatsApp is committed t o providing a secure and private service. In a statement responding to the DPC’s decision, WhatsApp disputed the findings and dubbed the penalty “entirely disproportionate” - as well as confirming it will appeal, writing: In addition to issuing a sizeable financial penalty, it has ordered WhatsApp to take a number of actions to improve the level of transparency it offer users and non-users - giving the tech giant a three-month deadline for making all the ordered changes. In sum, the DPC found a range of transparency infringements by WhatsApp - spanning articles 5(1)(a) 12, 13 and 14 of the GDPR. Its enquiry considered whether or not WhatsApp fulfils transparency obligations to both users and non-users of its service (WhatsApp may, for example, upload the phone numbers of non-users if a user agrees to it ingesting their phone book which contains other people’s personal data) as well as looking at the transparency the platform offers over its sharing of data with its parent entity Facebook (a highly controversial issue at the time the privacy U-turn was announced back in 2016, although it predated GDPR being applied). The DPC’s decision today (which runs to a full 266 pages) concludes that WhatsApp failed to live up to the standard required by the GDPR. The Facebook-owned messaging app has been under investigation by the Irish DPC, its lead data supervisor in the European Union, since December 2018 - several months after the first complaints were fired at WhatsApp over how it processes user data under Europe’s General Data Protection Regulation (GDPR), once it begun being applied in May 2018.ĭespite receiving a number of specific complaints about WhatsApp, the investigation undertaken by the DPC that’s been decided today was what’s known as an “own volition” enquiry - meaning the regulator selected the parameters of the investigation itself, choosing to fix on an audit of WhatsApp’s “transparency” obligations.Ī key principle of the GDPR is that entities which are processing people’s data must be clear, open and honest with those people about how their information will be used. It’s been a long time coming but Facebook is finally feeling some heat from Europe’s much trumpeted data protection regime: Ireland’s Data Protection Commission (DPC) has just announced a €225 million (~$267 million) fine for WhatsApp.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |