Credit: Unsplash

WhatsApp must pay 225 million euros.

According to a statement issued by Ireland’s Data Protection Commission, Facebook-owned chat app WhatsApp is in violation of EU data privacy laws. Specifically, the app failed to inform its users of the precise scope to which their data is utilized, as well as how it is passed on to its parent company. For this violation, WhatsApp is being fined 225 million euros, approximately $267 million USD.

In addition to paying the fine, WhatsApp is being required to update and expand its existing privacy policy. The policy will need to cover, in complete and exhaustive detail, the precise extent to which user data is gathered and utilized, as well as the measures the app takes to make users aware of this. These are the requirements set forth by Europe’s General Data Protection Regulation, which was put into effect in 2018 to govern how tech companies utilize user data in the EU.

WhatsApp, for their part, are planning on appealing the violation and fine. “WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so,” a spokesperson said in an email to The Verge. “We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

So far, this is the second largest fee the DPC has slapped a tech company with, with the largest fee remaining the $887 million issued on Amazon for similar data privacy violations back in July.