WhatsApp Ireland secures permission to challenge €225m GDPR fine

WhatsApp Ireland secures permission from High Court judge to challenge €225m DPC fine

Image:
WhatsApp Ireland secures permission from High Court judge to challenge €225m DPC fine

WhatsApp is seeking to quash the fine imposed for sharing users' personal data with Facebook

An Irish High Court judge granted WhatsApp Ireland permission to challenge the country's Data Protection Commission's (DPC) decision to fine it €225 million (about £193 million) for a GDPR breach.

The matter came before Mr Justice Anthony Barr on Monday, and he allowed the European arm of WhatsApp to bring its legal challenge.

The DPC issued the fine in September after it found that the Facebook-owned private messaging platform had breached the European Union's General Data Protection Regulation (GDPR) on data protection.

The watchdog said that the platform did not properly inform EU citizens about how it handles their personal data, and that it also failed to tell users how it shares the information it collects with its parent company.

The DPC ordered WhatsApp to update its privacy policy and change how it communicates with users about sharing their data with other firms.

WhatsApp said it disagreed with the decision and commenced its legal challenge the same month.

Facebook claimed that the fine issued by the DPC was disproportionate.

The High Court adjourned the matter at that time, saying the application to have the DPC's decision judicially reviewed should be made in the presence of lawyers for Ireland DPC and the Attorney General (AG).

As reported by the Irish Times, Declan McGrath Senior Counsel for WhatsApp Ireland said in the court on Monday that his client's application for permission to bring the legal challenge was not being opposed. He added that the DPC and AG were not objecting to WhatsApp's application to modify some technical aspects of its judicial review proceedings.

In its judicial review proceedings, WhatsApp claims the DPC's decision is unconstitutional and that sections of the 2018 Data Protection Act are incompatible with Article 6 of the European Convention on Human Rights (ECHR).

Article 6 states of ECHR states that everyone is entitled to a fair and public hearing within a reasonable time by an impartial and independent tribunal established by law.

WhatsApp now seeks an order from the court quashing the DPC's decision to fine the company, as well as declarations that certain provisions of the 2018 Act are invalid and unconstitutional.

The DPC investigation into WhatsApp began in December 2018, shortly after the GDPR came into force. It looked into 'whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp's service'.

Under European law, the Irish DPC acts as the lead regulator in cross-border data privacy cases dealing with Facebook and other tech firms with their European headquarters in Dublin.

The GDPR requires companies to be transparent with their customers about how they use customer data.

On Monday, Justice Barr adjourned the matter to a date next month.

The €225m fine issued to WhatsApp Ireland is the second-largest ever handed out under GDPR regulations.

In July, Luxembourg's data regulator gave Amazon a record €746 million (£635 million) fine for breaching EU privacy laws. Amazon said at the time that the decision was 'without merit' and that it would appeal the ruling.

In April, the DPC also launched an inquiry into the Facebook over a data leak that allegedly exposed the personal details of about 533 million users. If the DPC finds Facebook guilty, the company could face a financial penalty of up to four per cent of its $86 billion (£62 billion) global revenue.