WhatsApp privacy policy blunder results in record GDPR fine

Whatsapp logo

It emerged this week that WhatsApp has been forced to update its privacy policy following a record €225m (£188m) fine and reprimand from regulators earlier this year. WhatsApp is appealing the decision that it breached the GDPR.

This all started when WhatsApp users complained about an update to the company’s terms that many believed would result in their data being shared with other companies owned by parent company Facebook.

WhatsApp said: “As ordered … we have reorganised and added more detail to our Privacy Policy…”. The changes are designed to “add additional detail around our existing practices” and the new policy has taken effect immediately.

The new privacy policy contains substantially more information about what exactly is done with users’ information, and how WhatsApp works with Facebook and Instagram. Interestingly, users will not be asked to ‘accept’ or agree to this new privacy policy – something which many organisations ask people to do under the false assumption that if a user “accepts” a privacy policy they have little or no recourse should they then want to complain about how their data is being used.

Head of Legal Services, Robert Wassall, commented “Regardless of whether you think this is a victory for privacy or an example of an unnecessary burden on business, the reality is that WhatsApp was forced to spend a lot of time and money fighting public perception. During this time, millions of WhatsApp users turned to WhatsApp’s competitors, such as Signal, compelling it to launch its first major privacy-focused advertising campaign in the UK. All of which could have been avoided if it had invested enough time in drafting its privacy policy.”

Robert wassall

Written by Robert Wassall
Robert Wassall is a solicitor, expert in data protection law and practice and a Data Protection Officer. As Head of Legal Services at NormCyber Robert heads up its Data Protection services and advises organisations across a variety of industries. Robert and his team support them in all matters relating to data protection and its role in fostering trusted, sustainable relationships with their clients, partners and stakeholders.