Ireland’s data watchdog penalized Facebook-owned WhatsApp a record 225 million euros ($267 million) for violating EU data privacy laws.

According to the Data Protection Commission of Ireland, WhatsApp does not adequately inform European Union citizens about what it does with their data.

WhatsApp failed to educate Europeans about how their personal data is gathered and utilized, as well as how WhatsApp exchanges data with Facebook, the regulator said.

The DPC has ordered the platform, which is used by over 2 billion people across the world, to make changes to its privacy rules and how it communicates with users in order to comply with European privacy legislation.

As a result, WhatsApp may be forced to expand its privacy policy, which has already been criticized by some users and businesses as being too long and complicated. WhatsApp plans to appeal the judgment.

“WhatsApp is committed to providing a secure and private service. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate,” WhatsApp said.

The penalty imposed by the Irish regulator for infringement of Europe’s General Data Protection Regulation, or GDPR, is the highest ever imposed. GDPR mandates that businesses be transparent about how they utilize consumer data.

The legislation, which was passed in April 2016 and has been in effect since 2018, replaces a previous law known as the Data Protection Directive and aims to harmonize laws throughout the EU’s 28 member states.