Is data protection baring its teeth?

Since the European Supervisory Authorities have set new records in the imposition of fines this summer, the relevant conclusion can be made. In July, Luxembourg’s National Commission for Data Protection notified Amazon of a fine of € 746 million, and in September, the Irish Data Protection Commission notified a fine of € 225 million to WhatsApp.

Although there is still much-undisclosed information in the Amazon case, the company is primarily accused of using and transmitting sensitive personal data. There is a general allegation of a breach of the General Data Protection Regulation (GDPR), and the fine depends on the company’s global turnover. As Amazon considers the allegations unfounded, it promises to fight a huge fine decision.

The communication application WhatsApp, the subsidiary of Facebook, has won a record second place in the amount of the fine imposed. The proceeding, which started in 2018, resulted in a fine of € 225 million in September. According to the Irish Data Protection Commission, it is justified by a lack of transparency in processing personal data.

Allegedly, WhatsApp has shared the data with other companies of the Facebook corporation without sufficiently informing the users. WhatsApp also promises to strongly challenge the fine decision, as it considers the amount of the fine to be disproportionate.

It should also be noted here that the Irish Data Protection Commission intended to fine WhatsApp € 40-50 million; however, a binding decision by the European Data Protection Board forced the national authority to increase it significantly.

These signs indicate that European data protection has started to fully implement the GDPR, and technology giants’ fine decisions related to turnover numbers have become increasingly common. Every company has a reason to review its data processing processes and their compliance with the rules, as supervision of the processing of personal data is on the rise in Europe.