WhatsApp has been fined a record €225m (£193m) after it was found to have breached EU data protection rules.
An investigation by Ireland’s privacy watchdog found that the company broke stringent regulations in relation to sharing people’s data with other companies also owned by parent firm Facebook.
The Data Protection Commission said on Thursday it was also ordering WhatsApp to take “remedial actions”, so that its data processing complies with EU rules.
WhatsApp said the fine was out of proportion, and that it would appeal the decision.
The announcement wraps up an investigation into the messaging service that opened in December 2018, after EU rules known as General Data Protection Regulation (GDPR) took effect.
The penalty is the second-highest handed out under the GDPR rules to date and the biggest ever issued by the commission in Ireland, beating a €400,000 (£344,000) fine given to Twitter for a security breach.
The commission said the case against WhatsApp examined whether Facebook followed GDPR requirements to be transparent for both users and those who didn’t use its service.
This included how people’s data is processed between WhatsApp and other Facebook companies.
The Irish watchdog acts as the lead regulator on cross-border data privacy cases in the EU, as many large tech companies have their European headquarters in Dublin.
Following the ruling, WhatsApp said in a statement it is “committed to providing a secure and private service”.
“We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so,” the statement read.
“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”