After record GDPR fine, WhatsApp finetuned its privacy policy in Europe

Whatsapp updated its privacy policy for its European users -- changes that favor the lead European data protection regulator.
30 November 2021

After a record GDPR fine, WhatsApp fine tuned its privacy policy in Europe. (Photo by INDRANIL MUKHERJEE / AFP)

  • WhatsApp users in Europe and the UK will receive a notification directing them to the updated info in line with the GDPR 
  • The refreshed privacy policy cover in detail how the Meta-owned messenger app collects, uses, stores, and deletes users’ data

In September this year, when WhatsApp was fined a colossal €225 million by Ireland’s data watchdog for breaching European Union (EU) data privacy regulations, the Facebook-owned messaging app decided to appeal against the fine. While the popular OTA app wasn’t open to paying the hefty amount –the second-largest GDPR fine in history –– WhatsApp said it was ready to amend its privacy policies to comply with Europe and the UK.

And that is exactly what it did — amend. Published this week, WhatsApp said it has rewritten its privacy policy for European users, including more detail about how the Meta-owned company collects and uses customer data as well as how it is stored and when it is deleted.

The policy further added more detail on why WhatsApp shares data across borders, as well as the legal basis for processing users’ information. WhatsApp said its users in the EU and the UK will receive a notification directing them to the updated information, but will otherwise not have to take any action.

“This update does not change the way we operate our service, including how we process, use or share your data with anyone, including our parent company Meta,” WhatsApp said. The company, while admitting it disagreed with Ireland’s data watchdog decision, still had to comply by updating its policy.

Whatsapp also found it necessary to reiterate that its service is, and continues to be, end-to-end encrypted — meaning messages can only be read by the sender and recipient. According to the FAQs on its website, WhatsApp states that it shares phone numbers, transaction data, business interactions, mobile device information, IP addresses, and other information with parent entity Facebook

The sharing of information, however, does not include personal conversations, location data, or call logs. To recall, the GDPR fine imposed on Whatsapp is associated with an investigation that started in 2018 about whether WhatsApp had been transparent enough in its handling of user information. The initial fine was €50 million.

According to a report by Reuters, the Irish regulator had 14 major inquiries into Facebook and its subsidiaries WhatsApp and Instagram open as of the end of last year. The GDPR first came into force in 2018, allowing regulators to slap companies with penalties of up to 4% of their annual revenue if they mishandle people’s data. 

Separately this year, Luxembourg’s data protection authorities imposed a record-setting €746 million fine on Amazon in July. The GDPR precisely grants individuals a fundamental right to the protection of their personal data. Individuals also have a right to share their personal data or withhold it, within certain rigid parameters.