After a two-year investigation, Ireland fined WhatsApp a record €225m (£193m, ($266m) on Thursday for privacy law breaches, after it failed to tell users how it was sharing data with parent company Facebook (FB).
It marks one of the biggest fines ever relating to GDPR law. The penalty is more than four times that of the €50m the regulator had originally proposed.
The messaging app said the fine was "entirely disproportionate" and that it would appeal against the decision.
Ireland's Data Privacy Commissioner said the fines are related to whether WhatsApp had conformed in 2018 with EU data rules about transparency.
"WhatsApp is committed to providing a secure and private service. We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018," a WhatsApp spokesperson said.
The fine follows the European Data Protection Board advising the Irish watchdog in July to address criticism from its peers that it had not fined tech giants enough for breaches and had taken too long to decide outcomes.
At the time it said that WhatsApp should be given three rather than six months to comply.
Earlier this year, WhatsApp had come under fire for a proposed change to the way it shared data on its service. Users concerned about privacy fled the service and flocked to rivals Telegram and Signal, before the app decided not to implement the change.
The update concerned how merchants using WhatsApp to chat with customers can share data with Facebook, which could use the information for targeted ads.
Location data along with message contents is encrypted end-to-end, according to WhatsApp.
The Irish regulator currently has more than two dozen investigations into big tech organisations open.