Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

WhatsApp to Appeal $266 Million Fine for Violating EU Privacy Laws

WhatsApp to Appeal $266 Million Fine for Violating EU Privacy Laws

Ireland’s Data Privacy Commissioner (DPC) has hit Facebook-owned messaging platform WhatsApp with a €225 million ($266 million) administrative fine for violating the EU’s GDPR privacy regulation after failing to inform users and non-users on what it does with their data.

EU data regulators can impose maximum GDPR fines of up to €20 million (about $24.3 million) or 4% of the infringing company’s annual global turnover – whichever is greater – for violating EU’s privacy laws.

The fine follows an investigation started in December 2018 after the data watchdog received multiple complaints from “individual data subjects” (both users and non-users) regarding WhatsApp data processing activities.

Throughout the investigation, Ireland’s DPC “examined whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service.”

Also Read: How Long Do Employers Keep Employee Records After Termination? 1 Hard Question

“This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies,” the regulator explained.

WhatsApp’s fine reflects the infringements the EU regulators found:

  • In respect of Article 5(1)(a) of the GDPR (a fine of €90 million);
  • In respect of Article 12 of the GDPR (a fine of €30 million);
  • In respect of Article 13 of the GDPR (a fine of €30 million); and
  • In respect of Article 14 of the GDPR (a fine of €75 million).

On top of the fine, the Irish data watchdog also ordered WhatsApp to bring its processing into compliance with GDPR’s requirements by taking a range of specified remedial actions with a deadline that will expire in three months. The decision of the Irish DPC can be found and read in full here.

Fine quadrupled after objection from other EU data regulators

What makes this fine stand out—besides its size—is the fact that eight other EU privacy regulators (including Germany, France, Hungary, Italy, Portugal, Holland, and Poland) opposed the initial €50 million fine the Irish data privacy watchdog proposed and ordered it to reassess.

This led to the fine being increased by more than four times after the Irish watchdog was forced to consider all of WhatsApp’s infringements when calculating the amount of the fine.

“Following a lengthy and comprehensive investigation, the DPC submitted a draft decision to all Concerned Supervisory Authorities (CSAs) under Article 60 GDPR in December 2020. The DPC subsequently received objections from eight CSAs,” the Irish regulator said today.

“The DPC was unable to reach consensus with the CSAs on the subject-matter of the objections and triggered the dispute resolution process (Article 65 GDPR) on 3 June 2021. On 28 July 2021, the European Data Protection Board (EDPB) adopted a binding decision and this decision was notified to the DPC.

Also Read: Thinking of Shredding or Burning Paper? Here’s What You Should Know

“This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp.”

WhatsApp will appeal the decision

“WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so,” the company said in a statement.

“We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate. We will appeal this decision.”

In May, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) banned Facebook from processing WhatsApp user data until the end of August after WhatsApp said it would restrict account features for users who refuse to give up control of their data and have it shared with Facebook companies.

After the HmbBfDI ban, WhatsApp backtracked on its plans stating that “given recent discussions with various authorities and privacy experts, we want to make clear that we will not limit the functionality of how WhatsApp works for those who have not yet accepted the update.”

In related news, Amazon has also been hit with a record-breaking €746 million fine in July by the Luxembourg National Commission for Data Protection (CNPD) for GDPR violations regarding its targeted behavioral advertising, the largest ever fine issued by an EU data watchdog for GDPR violations.

Amazon also told BleepingComputer that it would appeal the decision as it “strongly [disagreed] with the CNPD’s ruling.”

“The decision relating to how we show customers relevant advertising relies on subjective and untested interpretations of European privacy law, and the proposed fine is entirely out of proportion with even that interpretation.”



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us