WhatsApp has been hit with a fine of €225 million by the data protection commissioner, following an investigation into GDPR practices at the company.

The record fine came after the probe found WhatsApp had breached European Union laws on transparency, and the sharing of user information with other companies owned by Facebook.

In addition to the fine, the office of the data protection commissioner (DPC) in Dublin also issued a warning to WhatsApp and ordered it to bring its processing into compliance with EU standards.

The investigation, which began in December 2018 examined if WhatsApp had complied with its obligations under the EU’s General Data Protection Regulation (GDPR).

It is the second, and largest fine issued by the DPC under the GDPR, after Twitter was hit with a €450,000 penalty in 2020 over a security breach.

The investigation into the Facebook-owned messaging service examined if the company had met its transparency obligations around the provision of information to both users and non-users.

This included whether users had been provided with information about data sharing between WhatsApp and other Facebook companies.

In a press statement, WhatsApp said the fine was “disproportionate” and said it will appeal the ruling.