WhatsApp has been fined €225m (£193m) by Ireland's data watchdog for breaching privacy regulations.
It's the biggest penalties the Irish Data Protection Commission has ever imposed, and the second-highest under EU GDPR laws.
The EU headquarters of Facebook, which owns WhatsApp, are in Ireland, and the Irish regulator is the internet giant's main authority in Europe.
WhatsApp has stated that it disagrees with the judgment as well as the harshness of the sentence, and that it intends to file an appeal.
The punishment stems from a 2018 inquiry into whether WhatsApp was being transparent enough about how company manages personal data.
The questions at hand were very technical, such as whether WhatsApp provided users with appropriate information about how their data was processed and if its privacy policies were clear enough.
Those policies have been revised numerous times since then.
According to a business representative, "WhatsApp is committed to delivering a safe and private service."
"We've worked hard to make sure the information we give is clear and thorough, and we'll keep doing so. We disagree with today's ruling on the transparency we offered in 2018, and the fines are completely excessive."
GDPR regulations allow for colossal fines of up to 4% of a company's global sales.
Following "a lengthy and extensive examination," the Irish DPC said it had sent its judgment to other national privacy authorities, as required by GDPR, and had received complaints from eight countries, including Germany, France, and Italy.
Some people disagreed with the Irish regulator about whether specific GDPR provisions had been violated or how the punishment was calculated, among other things.
In late July, the European Data Protection Board ordered the Irish Data Protection Commission to revise its findings, "reassess" its recommended punishment of €30-50 million (£26-43 million), and alter its judgment "by specifying a larger punitive sum."
Formally reprimanded
This "shows how the DPC is still extremely dysfunctional", privacy campaigner Max Schrems said, welcoming the decision.
"The DPC gets about 10,000 complaints per year since 2018 - and this is the first major fine," he said.
And because of WhatsApp's planned appeal, "in the Irish court system, this will mean that we will see years before any fine is actually paid".
The Irish DPC has also formally reprimanded WhatsApp and ordered it to "bring its processing into compliance", however.
Only Amazon has been fined more for breaking GDPR rules, in a case it is also vigorously defending.
In July, Luxembourg's regulator fined Amazon €746m for what it said was non-compliance with data-processing laws.
