WhatsApp Ireland Ltd. – €225,000,000 Fine (Ireland, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
WhatsApp Ireland was fined €225 million by the Irish Data Protection Commission for not being transparent enough about how it handles user data. The investigation found that WhatsApp failed to clearly inform users about data collection and sharing practices. This case highlights the need for companies to provide clear and accessible information about data use.
What happened
WhatsApp was fined €225 million for failing to provide clear and transparent information about its data handling practices.
Who was affected
Users and non-users of WhatsApp who were not adequately informed about how their data was being collected and used.
What the authority found
The Irish Data Protection Commission found that WhatsApp violated GDPR's transparency requirements by not clearly informing users about data collection and sharing.
Why this matters
This significant fine underscores the importance of transparency in data handling. Companies must ensure their privacy notices are clear and accessible to avoid similar penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Irish DPA (DPC) has imposed a fine of EUR 225,000,000 on WhatsApp Ireland Ltd. The DPA had started extensive investigations into the messaging service's compliance with transparency obligations back in December 2018. In this context, the DPC investigated whether WhatsApp complied with its obligations under the GDPR regarding the provision of information and the transparency of this information to users and non-users of WhatsApp. In the course of the investigation, the DPC found that WhatsApp had committed serious violations of Art. 12 GDPR, Art. 13 GDPR and Art. 14 GDPR with respect to the information provided to users. Following the investigation, the DPC submitted a draft decision under Art. 60 GDPR to other affected European supervisory authorities in December 2020. The DPC subsequently received objections from eight supervisory authorities. Due to lack of agreement, the DPC initiated a dispute resolution procedure pursuant to Art. 65 GDPR on June 3, 2021. The European Data Protection Supervisor (EDPB), by its decision of July 28, 2021, then, required the DPC to reassess and increase its proposed fine based on a number of factors. The EDPS found a violation of the principle of transparency set forth in Article 5(1) a) of the GDPR in addition to the violations found by the DPC, and requested this to be reflected in the final amount of the fine. Based on this, the DPC imposed the fine in the amount of EUR 225,000,000. The fine is composed as follows: EUR 90,000,000 for the violation of Art. 5 (1) a) GDPR; EUR 30,000,000 for the violation of Art. 12 GDPR; EUR 30,000,000 for the violation of Art. 13 GDPR; and EUR 75,000,000 for the violation of Art. 14 GDPR. With respect to Art. 12 GDPR and Art. 13 GDPR, the DPC found that WhatsApp had failed to provide information about the nature of the data collection 'in a concise, transparent, intelligible and easily accessible form, using clear and plain language.' This includes making the information easy for children to u
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (1)
Other enforcement actions involving WhatsApp Ireland Ltd. in IE
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
2 September 2021
Authority
Data Protection Commission
Fine Amount
€225,000,000
Enforcement Tracker ID
ETid-820
About this data
Cite as: Cookie Fines. WhatsApp Ireland Ltd. - Ireland (2021). Retrieved from cookiefines.eu
Last updated: