(Ireland) A key announcement on potential fines for WhatsApp has been pushed into next year, due to procedural objections made by WhatsApp's lawyers. Fortune reports as follows:
Those waiting for Europe’s tough privacy laws to seriously bite Big Tech will have to keep waiting a while longer.
Ireland’s privacy watchdog was due to say next month whether WhatsApp had broken the General Data Protection Regulation (GDPR) by not giving people enough clear information about how it uses their personal data. The draft decision was expected to say how big a fine WhatsApp owner Facebook was liable to pay—under the law, potential fines run as high as 4% of global annual revenues.
However, a procedural complaint by WhatsApp’s lawyers has now shoved that decision into next year, Ireland’s data protection commissioner Helen Dixon told Fortune Tuesday on the sidelines of the Fortune Global Forum in Paris.
The delay will add to the sense that European regulators have been slow to enforce the GDPR—which came into effect in May 2018—on its biggest targets. But Dixon, who has jurisdiction over Facebook because its international offices are located in Ireland, said she had no choice.
“Some legitimate queries have been raised by [WhatsApp] during the decision-making phase… in terms of whether the interests of [WhatsApp] are protected in the process that we’re pursuing,” Dixon said. “We are therefore obliged to respond carefully to these queries.”
(Privacy press clipping sourced via Fortune)
A decision on what sort of fine WhatsApp may face is now not expected until 2020. The procedural complaints raised by WhatsApp relate to the way the Irish DPA coordinates with other data protection authorities in Europe, a live practical issue under the GDPR. The head of the Irish DPA, Helen Dixon, has said she wants to resolve these complaints before issuing an enforcement decision.
The delay speaks to caution on the part of the regulator, which will be aware that any large fine is likely to be appealed by WhatsApp.
Any fine would be among the first, if not the first, to be issued in Ireland. The Irish DPA has not imposed any fines since the GDPR entered into force in May 2018.