Europe’s First Big Privacy Crackdown on Big Tech Is Being Delayed By WhatsApp’s Lawyers

Irish Data Protection Commissioner Helen Dixon speaking at the Fortune Global Forum in Paris.
Irish Data Protection Commissioner Helen Dixon speaking at the Fortune Global Forum in Paris.

Those waiting for Europe’s tough privacy laws to seriously bite Big Tech will have to keep waiting a while longer.

Ireland’s privacy watchdog was due to say next month whether WhatsApp had broken the General Data Protection Regulation (GDPR) by not giving people enough clear information about how it uses their personal data. The draft decision was expected to say how big a fine WhatsApp owner Facebook was liable to pay—under the law, potential fines run as high as 4% of global annual revenues.

However, a procedural complaint by WhatsApp’s lawyers has now shoved that decision into next year, Ireland’s data protection commissioner Helen Dixon told Fortune Tuesday on the sidelines of the Fortune Global Forum in Paris.

The delay will add to the sense that European regulators have been slow to enforce the GDPR—which came into effect in May 2018—on its biggest targets. But Dixon, who has jurisdiction over Facebook because its international offices are located in Ireland, said she had no choice.

“Some legitimate queries have been raised by [WhatsApp] during the decision-making phase… in terms of whether the interests of [WhatsApp] are protected in the process that we’re pursuing,” Dixon said. “We are therefore obliged to respond carefully to these queries.”

WhatsApp’s concerns are partly to do with how Dixon’s office coordinates with other EU data protection authorities as it wraps up the case, and whether her draft decision does or does not include details about fines and potential changes to WhatsApp’s practices, she said.

“For that reason we are now two weeks behind where we were as of three days ago,” Dixon said, adding that the draft decision’s publication date was now “likely to be [in] early January.”

Although the French authorities have already fined Google $57 million for a GDPR violation—also about transparency of information provided to users—many expect substantially higher fines to come from the Irish regulator, due to the fact that Silicon Valley’s biggest names are on her turf. Dixon’s office is currently investigating everyone from Facebook and Google to Verizon, Twitter and a host of lesser-known names in the online data-broker industry.

Dixon’s investigators closed their probes into their first two big cases, concerning WhatsApp and Twitter, in October, when they delivered reports to Dixon, triggering the decision-making phase. Dixon has long predicted that she wouldn’t deliver any final decisions until next year, but she was until now on track to at least publish her draft decision on the WhatsApp case this year, giving other EU regulators a chance to provide feedback before she finalized the decision in 2020.

It may be that this coordinated approach works more smoothly in the future, but for now Dixon, her mainland EU counterparts and Big Tech are all navigating uncharted territory. And for the regulators, who know their decisions are likely to face legal challenges, it seems caution is the order of the day.

WhatsApp had not responded to a request for comment at the time of writing.

More must-read stories from Fortune:

—China has always trailed the U.S. in chipmaking. In the trade war era, will it catch up?
—After record floods, Venice assesses the damage and braces for more
—The trade war cost U.S. farmers their China market. A deal might not bring it back
—Why Mercedes’s self-driving trucks are set to overtake its robotaxis
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Brainstorm HealthBrainstorm DesignBrainstorm TechMost Powerful WomenCEO Initiative