Interesting notes:<p>> <i>However, WhatsApp Ireland, which had previously set aside €77.5m for a possible fine</i><p>Right there. The cost of violations is priced in. Companies actually misbehave and simply accept a potential fine as a business expense.<p>> <i>The company is also understood to feel that the fine is out of step with previous GDPR related fines.</i><p>It just sucks for our shareholders if the fine is higher than we expected.<p>> <i>Sources close to the company, which is owned by Facebook, said rather than making its policy shorter and less complicated, the decision would mean it would have to add even more information to its already long and complicated privacy policy.</i><p>The lies, incredible. Just don’t collect data, then your privacy statement is very very simple. Only complicated agreements require complicated 5,000 word privacy declarations.
One important thing to note is that the DPC (Irish DPA) did not want to fine WhatsApp and only did so after being forced by other DPAs through the arbitration process.<p>You can consult the EDPB decision on that matter here: <a href="https://edpb.europa.eu/our-work-tools/our-documents/binding-decision-board-art-65/binding-decision-12021-dispute-arisen_fr" rel="nofollow">https://edpb.europa.eu/our-work-tools/our-documents/binding-...</a><p>EDIT: Max Schrems' reaction (NOYB):<p>>"We welcome the first decision by the Irish regulator. However, the DPC gets about ten thousand complaints per year since 2018 and this is the first major fine. The DPC also proposed an initial € 50 million fine and was forced by the other European data protection authorities to move towards € 225 million, which is still only 0.08% of the turnover of the Facebook Group. The GDPR foresees fines of up to 4% of the turnover. This shows how the DPC is still extremely dysfunctional."<p>source: <a href="https://noyb.eu/en/statement-dpc-issues-eu-225-million-fine-whatsapp" rel="nofollow">https://noyb.eu/en/statement-dpc-issues-eu-225-million-fine-...</a>
Noyb[0] does an outstanding amount of work to help EU citizens enforcing their data sovereignty, not only against US companies but against any company that doesn't respect privacy-related laws (e.g., [1]).<p>As EU citizen, I am more than happy to support them through membership, and I urge any fellow citizen who is interested in privacy issues, to inform themselves over nyob, and support them!<p>[0]: <a href="https://noyb.eu/en" rel="nofollow">https://noyb.eu/en</a>
[1]: <a href="https://noyb.eu/en/data-voodoo-credit-ranking-agency-crif-creates-credit-rating-out-thin-air" rel="nofollow">https://noyb.eu/en/data-voodoo-credit-ranking-agency-crif-cr...</a>
The history of the decision making around this is interesting. I didn't realise that data protection agencies in other EU countries could effectively vote on the decisions of the lead agency (in this case Ireland). I feel like that's a nice system. On the one hand straightforward complaints can be handled quickly, but more contentious decisions can be handled collectively without giving companies the ability to shop around for light touch regulation.
I wonder if it will have an impact on them at all.
><p>> It is the largest fine ever imposed by the DPC and the second largest penalty ever levied on an organisation under EU data laws
Would be cool if one could opt out of the data collection they do by paying them actual money. In the beginning, WhatsApp charged a couple of dollars a year. I would be willing to pay a couple of ten dollars a year for their service to obtain more privacy from Facebook Inc.
The article doesn't seem to explain at all what the specific violations are. The article also seems like it was written for the "simple English" Wikipedia. I get all anxious with this new thing of putting every sentence in its own paragraph.
Does anyone know if these fines ever get collected? And if they get collected what % of the headline figure?<p>Or are many of these headlines just a pay day for lawyers?
Notable here is that the Irish Data Protection Commission does not want to enforce GDPR or fine Facebook. They are kinda forced by law. They are famously slacking, likely bcause Ireland wants to be a hub for large US IT companies. This large fine mostly came because they were forced by the European Data Protection Board.
That's still pocket change for Facebook.<p>In order to have any deterrence effect, any fine should probably be at least 20 times higher. Otherwise, it is almost always better for those large companies to violate the law, reap profits, pay the fine and benefit from their disregard of the law.
That's really too little of a fine for them to care. Fines need to discourage the action in the future and at this point the fine is a profit for Facebook.
Ironic that the website hosting the article likely itself violates the GDPR.<p>It makes it much easier to accept all cookies than to reject, without any good technical reason to do so, and presents the "accept all" as the default choice.