Latest Products

From the Archives: Are you GDPR compliant?

Thursday 30 September 2021

WhatsApp is facing the second highest GDPR fine. 

2021 has been bug year for the General Data Protection Right (GDPR) fines, with the Amazon being slapped with a $ 1.1 billion (746 million euros) and this week Facebook’s WhatsApp was slapped with the second highest fine of almost $ 400 million. 

On June 2018, the Office of the Australian Privacy Commissioner (OAIC) published guidance for Australian entities how to comply with the barely month-old European privacy law that was expected to have major international imprecations. 

OAIC said, “Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.”

And highlighted some common requirements with the Australian Privacy Act:
·       implement a privacy by design approach to compliance
·       be able to demonstrate compliance with privacy principles and obligations
·       adopt transparent information handling practices
he major difference that the privacy the regulator highlighted was the right to be forgotten. 

Facebook and the GDPR
This recent fine is not the first one that Facebook has faced. 
In January 2019 the GDPR writes,” Facebook is getting to know privacy legislation pretty well. It has already been fined £500,000 for its involvement in the Cambridge Analytica scandal, the maximum amount allowed under the UK’s old Data Protection Act of 1998. Now that the GDPR is in place, Facebook could face a fine of up to 4 percent of its annual global turnover which, based on its performance over the past fiscal year, could amount to $1.63 billion [$2.6 billion AUD].”

IN a
BBC report it highlighted that this fine is from year-old investigation into issues of transparency with the way the WhatsApp handles data.

Ireland’s Data Protection Agency (DPA) said in a formal statement at the end of last week, “Following a lengthy and comprehensive investigation, the DPC submitted a draft decision to all Concerned Supervisory Authorities (CSAs) under Article 60 GDPR in December 2020. The DPC subsequently received objections from eight CSAs. The DPC was unable to reach consensus with the CSAs on the subject-matter of the objections and triggered the dispute resolution process (Article 65 GDPR) on 3 June 2021.”