WhatsApp has updated its privacy policy for its European users after being given a record €225m GDPR fine.
On 22 November the messaging platform confirmed the policy will not change their service or how it handles user data but will provide more details about how users’ personal information is passed to its parent company Meta, which also owns Instagram and Facebook.
This clarification will only appear on its European version of the privacy policies and does not require users to agree or take action.
The privacy policy update came after “a lengthy and comprehensive investigation” by the Irish Data Protection Commission (DPC) and a binding decision from the European Data Protection Board (EDPB) on 28 July that the DPC reassess the case and increase WhatsApp’s proposed fine for not being “transparent about sharing data with their parent company”.
Subsequently, DPC imposed its largest ever GDPR fine on the Meta company and the second-highest under EU GDPR rules after Amazon was fined $886.6m by Luxembourg’s National Commission for Data Protection earlier this year.
The DPC also imposed “a reprimand” along with the fine ordering WhatsApp to “bring its processing into compliance by taking a range of specified remedial actions” for the GDPR breach.
The data authority stated they had found violations in how WhatsApp had explained how processed users and non users’ data was processed.
WhatsApp privacy policy still has end-to-end encryption
On its Help Center, WhatsApp specifies that it shares certain categories of information with Meta Companies like account registration information, transaction data, service-related information, mobile device information, business interactions on its services and other points of information based on consent.
However, it does emphasise that this content is not applicable to users in the European region and that it will “always protect personal conversations with end-to-end encryption, so neither Whatsapp nor Meta can see these private messages”.
This limitation also applies to logs of messaging and calling, shared locations and contacts per its update in January of this year.
This latest privacy ruling comes as a key European regulator was about to rule IAB Europe’s Transparency & Consent Framework illegal earlier this month.
Whatsapp is appealing the decision by the EDPB and DPC.
