WhatsApp Fined by GDPR Over Privacy | Your Weekly Social

Reading Time: 8 Minutes

Join with us today as we walk through GDPR, the right to be forgotten, and why Facebook just doesn't care!

WhatsApp is one of the three headed beasts of Facebook, and in a surprise move (in which no one is surprised by), WhatsApp is being called out in a 225 million euro lawsuit. Or maybe it’s the EU just overreacting to a successful US business…

Your Weekly Social is Pullman Marketing’s premiere recap show discussing social media, trends, news, and updates across all manner of platforms including Facebook, Instagram, and Tik Tok!


Alyssa Mullins 0:00
Hi, everyone. I’m Alyssa.

Adam Jones 0:02
I’m Adam.

Alyssa Mullins 0:03
And welcome to Your Weekly Social!

Okay, so Adam, what are we going to talk about today?

Adam Jones 0:13
GDPR. Because that is a thing apparently.

Alyssa Mullins 0:17
Got it. And what is that?

Adam Jones 0:20
Yeah, so GDPR is General Data Protection. It’s a law that came into the European Union. And they’re finally finally finally, actually giving somebody a fine. It’s been applied a couple times, mostly to Facebook, Google, etc. This time, though, it’s WhatsApp.

Alyssa Mullins 0:42
And Whatsapp; they’re on Facebook now too, right? You can message back and forth?

Adam Jones 0:48
Yeah, and that’s the cool part. So WhatsApp is supposed to be like a private, secure signal to people. But it is owned by Facebook now. Good for them. Maybe. But you’re also able to advertise through Facebook, to WhatsApp. Just like we can advertise within Facebook over into Instagram. They’ve added the funcionality so that it’s a property inside of it. The main thing, and this is for GDPR in general, because of General Data Protection, is that they want to have the right to be forgotten. And that’s a really big thing that the European Union has been trying to push for years, actually. And we do reference an article discussing it a little bit, I think was the New York Times.

Alyssa Mullins 1:36
Yes, it was the New York Times article.

Adam Jones 1:37
it was actually passed in 2016. Yeah, it’s been a while. But they gave companies like a two year headstart, like, “This is passed, now you have two years to become compliant.” And now we get lawsuits.

Alyssa Mullins 1:53
Going back to WhatsApp… how private is WhatsApp? Because I’ve kind of used it a couple times. And I know that you can do some things to your chat itself to make it more private. But is it really that secure, like in general?

Adam Jones 2:10
That’s a great question. So, as far as we understand it, and there’s some other YouTubers you can check out that take that privacy thing, really, really seriously. Even if you get a brand new phone, and you connected to your Wi Fi; that phone can now be identified to your household and be loaded to your persona or your family accounts, or at least be advertised to as a part of that grouping. The moment you add it to your Facebook, they just map everything. Your entire digital identity is then openly displayed for everybody. So WhatsApp kind of walks this interesting border, saying that your messages are encrypted. And that’s about it. But technically, if you tied it to your Facebook, you’re still identified as an individual. The terms of encryption, well, that’s hard. A lot of these organizations and big tech, they’ll have backdoors for law enforcement to be able to access it regardless. And we talked about this with Apple. You know, they’re going through and they’re scanning your phone now. And even with the issue of the San Bernardino shooter, they can unlock your phone and they can break in and see it. The FBI can already do that NSA can already do most of those things, as far as we know. And so Snapchat, they had these lawsuits in America years ago, because they have, I want to say it was called Lion or something. But it’s a tool for law enforcement to be able to go and look at your snapchats even though they’ve been “deleted.”

Alyssa Mullins 4:00
Yeah, because they’re not fully deleted.

Adam Jones 4:04
They’re deleted from your chat history, but they’re not deleted from the actual server. I assume WhatsApp has the same features, or same feature set. It’s not necessarily private. But the thing that the European Union was really trying to hit on was this idea of the right to be forgotten. So that you can go to Google, you can go to Bing, you can go to Facebook or even a website and say, “I want to be forgotten. I may have filled out a form. I may have subscribed to your newsletter list. I may have interacted with you and I have some cookies. This is my information. This is who I am. Delete it all.” And if you don’t, they can find you up to 4% of your gross annual income slash revenue.

Alyssa Mullins 4:56
So in being forgotten… So how do you even verify that you’ve been forgotten? Like, is there a way todo so? Do they send you a little letter in the mail? And they’re like, “All right! Don’t worry, you’ve been forgotten!” How do you even make sure that that’s what’s actually happening?

Adam Jones 5:18
Yeah. And that’s where they’re trying to get into compliance. I will say it took a lot of companies up until probably at least late 2019, early 2020, to get close to compliance. And the day that GDPR went live in 2018, the immediately put lawsuits out. Like, it was almost made for Facebook and Google. How do we verify that it’s been forgotten? I don’t know. And I’m okay saying “I don’t know.” Because, like you said, maybe we send you an email saying, hey, you’ve been forgotten. But then I tracked the fact that you open that email. I mean, that’s what MailChimp does, that’s what HubSpot does; all the other tools, they track those emails. They may have forgotten everything before that point, but that doesn’t stop them from starting again.

Alyssa Mullins 6:05
And then even then, do you want to be forgotten? Is that something that people consistently want enough? Or is it just that security blanket of, “I want to feel that I have some more privacy, and so then I want to be forgotten.”

Adam Jones 6:21
Yeah, that’s a great question. I’d say people ask for it, but they don’t really use it. And this was an interesting thing in Facebook. So during most of the 2016 election, people were horribly offended at the political ads, and the data they had on themselves. And so Facebook did go, I will say, did go above and beyond, and added in stuff saying, “This is all the data we have on you. This is how we’ve categorized you. You can delete it, you can change it, you can remove it, you can adjust it- you are free to do that yourself.” And they had maybe… it’s been a while, so my data and statistics could be off. But my memory was about 64,000 people actually used those features.

Alyssa Mullins 7:12
That’s probably not a lot in comparison to the number of people that are actively using Facebook.

Adam Jones 7:17
Of Americans, yeah.

So people ask for it. People do want it and desire it. Google for a long time has been a proponent of, “Hey, if you don’t want to be caught, then don’t do it!” And that’s been a big issue with Google Maps. And that kind of plays into it of Google Maps, where, “I don’t want to be identified. I want to be forgotten.” Where this is really curious, is that it’s a $225 million lawsuit for WhatsApp. They of course appealed. But it’s for not communicating well enough to the user base. There wasn’t a breach, it was just, “We don’t think you’ve done well enough.” And $225 million isn’t the 4% of their gross. And there’s people on all sides. Some people are saying like, “Oh, you didn’t charge enough!” Other people are like, “Why is this an issue. Why is this a thing?”

Alyssa Mullins 8:08
It’s interesting to see how there’s just constant battles, especially lately, from what I’ve recognized. Privacy is just becoming more and more of an issue where some people want to be more private, and they want more privacy in their online presence. And then other people kind of don’t mind and are just going with it, and are like, “Here’s everything about me, it’s out here.” And seeing that split, and then the battles between like what we talked about a couple weeks ago, with Apple, and then today.

Adam Jones 8:45
Where we stand, with Pullman Marketing our company, is that we like to make targeted ads, so we need to know a little bit about you. Because if we send ads to people who aren’t interested or don’t identify, well then they get annoyed at the ads. But for someone who genuinely needs a product, whether that’s music or car parts or other things, you know, that actually could be timely. And so then the customer is happy. The business that we serve is happy. We’re happy because these two people are happy. And then ultimately Facebook or Google or somebody else is happy because we use their ad platform. So when it’s done well, it’s not that we’re trying to invade privacy. We don’t really care what people do. We actually are more about creating a good customer experience. And it’s like going through Tik Tok and you’re like the hard press, not interested hard press. Not interested.

Alyssa Mullins 9:52
And then they still will feed you a few new things to see and gauge, like, “Is this something that you’re interested in? Yes? No?” This is what’s trending right now, even. “Do you want to follow this trend? Yes? No?” How long did you watch the video for even? And then everything kind of changes up your feed from there too.

Adam Jones 10:13
Yeah, absolutely. And it is frustrating when they keep feeding you things that you’ve actively said, “I do not want”. Where if the algorithm was optimized more for the things you do want? Yeah, we’re fine! We’ll keep scrolling, we’ll still be a part. I keep getting these dresses. And I’m like, “Why? I’ve said no.”

Alyssa Mullins 10:35
Is it, is it like the dress that has the shorts on?

Adam Jones 10:39
Yeah, the Halara.

One thing that is kind of a nuance piece of this, because we’re talking about the European Union, California actually has a minified version of GDPR. Which is where all the tech is too. In some cases where we advertise, we do have to be careful with GDPR, slash, the California version. And we do see these things as possible to look out for. And possible, I wouldn’t say complications, but ongoing nuances that we as a company get to monitor and be a part of.

Alyssa Mullins 11:15
It’ll be interesting to see how everything kind of changes and shifts, and how privacy- this battle for privacy- continues on, even throughout the rest of this year. Because there have been a lot of things popping up just this year alone. And so seeing how that shifts up until December it will be very interesting to follow.

Adam Jones 11:40
So, that being said, we hope that you guys are following us on Facebook, YouTube, Tik Tok, Instagram; all the cool places. Those are the cool places, right?

Alyssa Mullins 11:53
Mostly, yeah.

Adam Jones 11:55
I’m old, it’s okay. But yeah! Like, follow, subscribe, hit the bells; hit the bell really hard, like all your might.

Alyssa Mullins 12:04
And also, the other end of it is, if you guys have any questions, or want us to talk about something in the next few weeks to come, leave a comment or send us a message on any of the apps previously stated. And we’ll go ahead and look into that and see what we can learn and, you know, tell you guys about! Thanks, guys for watching, and I’ll see you next week!


Does The General Data Protection Regulation (GDPR) Impact my Website and Business?

It probably does.

Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.

In a nutshell, you may not rely on this as legal advice, or as a recommendation of any particular legal understanding.

GDPR has been around for several years, but in May 2018, it has begun enforcement. Microsoft did a great article to help explain what it is, located here. In short:

The new General Data Protection Regulation (GDPR) is the most significant change to European Union (EU) privacy law in two decades. The GDPR requires that organizations respect and protect personal data – no matter where it is sent, processed or stored. Complying with the GDPR will not be easy. To simplify your path to compliance, Microsoft is committing to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018.

Currently, the regulations are a bit vague on what they mean, but here is what they are trying to accomplish:

  • Protecting any European Union national’s personally identifying information from malicious use
  • Protecting the “right to be forgotten”
  • Protecting the “right to request data”
  • Become a HIPAA-like standard for data-handling

Here are some examples outlined that help identify how you might need to make your business compliant:

  • Collecting email addresses for a newsletter or marketing list (“name@wherever.com” is personal, “info@wherever.com” is not considered personal)
  • Having a shopping cart installed for taking orders
  • Using Google Analytics to analyze website traffic (IP addresses used)
  • Having comments turned on for pages/posts on your website, etc.
  • Storing photos of people (would apply to wedding photographers, membership sites – like Facebook)
  • Using a plugin on your website that uses cookies / sends data to other places

If you fall into any of these categories, you may need to look at how to comply with GDPR regulations of data management, request for deletion and more.


But why is this important?

Mostly because of the fines. According to https://www.gdpr.associates/data-breach-penalties/:

There will be two levels of fines based on the GDPR. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. The potential fines are substantial and a good reason for companies to ensure compliance with the Regulation.

It is unlikely that the EU will go after smaller companies. It appears that this is geared towards punishing larger corporations. However, there is a strong likelihood that America will follow suit with our own GDPR style regulations for personal data protection.

How do I become GDPR compliant?

  1. Auditing Personal Data You Collect
  2. Privacy Policy
  3. Cookies Policy
  4. All Forms (Contact, Comments, etc) – add checkboxes to give consent to collect their data and accept the privacy policy
  5. Process for Data Deletion Requests
  6. Signed Processor Agreement
  7. Update your Business Insurance Policy

We can also help you become GDPR compliant by calling us at (509) 240-9735 or use our contact form and we at Pullman Marketing would love to help you through this process.

Explore More Topics

Sign Up For Our Newsletter

Join The Hundreds of Other Business Owners on Our list That Get Articles, Webinars, and Industry Updates.

  • This field is for validation purposes and should be left unchanged.

Share To Your Friends


Free SEO Audit

Boost Your Brand and Your Business Today



While many reminence of “SEO Past,” our team holds years of experience and certifications to understand the ever changing environment of Google and Bing

Our SEO Audit is objective and we provide a road map for your website to improve its performance as part of our process.

Marketing Strategy

Boost Your Brand and Business Today

While many go for a shotgun marketing approach and social media “tricks,” our team holds years of experience and a passion for our customers  to understand the ever changing playing field.

Our Marketing Strategy Workshop is objective and we provide a road map for your business to identify your target audience, create a consistent brand identity and image, and tactics to improve your awareness, efficency and profitability.

"*" indicates required fields


Join Our Email List

Let's Go To The Moon Together.

  • This field is for validation purposes and should be left unchanged.