Irish Data Protection Authority orders EUR 225 million fine on WhatsApp
The Irish Data Protection Authority imposed a fine of EUR 225 million on the messenger service WhatsApp for a breach of the General Data Protection Regulation (Datenschutz-Grundverordnung, DS-GVO).
In 2018, the Irish Data Protection Authority began investigating whether WhatsApp complied with its transparency obligations under the DS-GVO in relation to the provision of information and, in particular, with regard to the transparency of that information to users and non-users of the WhatsApp service. This includes information for affected people on the processing of information between WhatsApp and other Facebook companies.
As WhatsApp belongs to Facebook and its EU headquarters are located in Ireland, the Irish Data Protection Authority is responsible.
After a long investigation, in December 2020, the responsible data protection officer submitted a draft decision in accordance with Art 60 DS-GVO to all supervisory authorities concerned. He then received objections from eight supervisory authorities and no agreement could be reached, so on June 3, 2021 the dispute resolution procedure in accordance with Art 65 of the DS-GVO was initiated.
On July 28, 2021, the European Data Protection Board (Europäische Datenschutzausschuss, EDPB) issued a binding decision which included a request to the Data Protection Authority to reassess and increase the proposed fine based on various factors contained in the decision. Following this reassessment, the Irish Data Protection Authority imposed the fine of EUR 225 million.
In addition to the fine, the EDPB's decision ordered WhatsApp to bring its processing into compliance with the DS-GVO through further remedial measures.
EDPB, Binding decision 1/2021 on the dispute arisen on the draft decision of the Irish Supervisory Authority regarding WhatsApp Ireland under Article 65(1)(a) GDPR (28.06.2021)
Efficient Legal Information 
Legal Jobs 
Innovative LegalTech Solutions