WhatsApp Ireland Limited – €225,000,000 Fine (Ireland, 2021)
WhatsApp was fined a large amount for not being clear about how it handles user data and privacy. This ruling is crucial as it emphasizes the need for transparency in how companies communicate with users about their data practices.
What happened
WhatsApp was fined for failing to meet transparency obligations regarding user data under GDPR.
Who was affected
WhatsApp users and non-users who were affected by unclear data practices were impacted by this ruling.
What the authority found
The Data Protection Commission found that WhatsApp did not comply with GDPR's transparency requirements, which are essential for user trust.
Why this matters
This case sets a strong precedent for other companies to ensure they are clear and transparent about their data practices. It shows that regulators are serious about enforcing privacy laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Entities Involved
This DPC decision is the result of an own-volition inquiry pursuant to section 110 Data Protection Act 2018. It was prompted by various complaints sent by individual data subjects as well as a mutual assistance request from the German Federal Data Protection Authority concerning WhatsApp’s transparency obligations following the entry into force of the GDPR in May 2018. The inquiry focused on: # WhatsApp’s transparency obligations in the context of non-users under Articles 14 and 12(1) GDPR # WhatsApp’s transparency obligations in the context of users under Articles 13 and 12(1) GDPR. # WhatsApp’s transparency obligations in the context of its relationship with other Facebook Companies and any sharing of user data in the context of that relationship. Following an investigation lasting from December 2018 to December 2020, the DPC submitted a composite draft decision to other DPAs in accordance with Article 60 GDPR. On 24 December 2020, it referred the objections to the EDPB, as required by the Article 65(1)(a) dispute resolution mechanism. The EDPB then adopted its binding Article 65 GDPR decision on July 28 2021. Consequently, the DPC amended its draft to take into account the EDPB’s determination of the various objections from the other DPAs which it deemed to be “relevant and reasoned” for the purpose of Article 4(24) of the GDPR. Notably, it required the DPC to find that WhatsApp failed to comply with the key principle of transparency set out in Article 5(1)(a) GDPR, a matter it had not originally assessed. First, it found WhatsApp denied non-users their right to exercise control over their personal data by failing to provide them with the information prescribed by Article 14 GDPR. Second, it held WhatsApp failed to provide users with sufficiently meaningful information regarding nearly every category of information to be provided under Article 13 GDPR, making it impossible for them to adequately consider and exercise their data rights. Third, it included an
Related Enforcement Actions (0)
No other enforcement actions found for WhatsApp Ireland Limited in IE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 August 2021
Authority
Data Protection Commission
Fine Amount
€225,000,000
GDPRhub ID
gdprhub-3914About this data
Cite as: Cookie Fines. WhatsApp Ireland Limited - Ireland (2021). Retrieved from cookiefines.eu
Last updated: