WhatsApp Ireland Limited – €225,000,000 Fine (Ireland, 2021)
WhatsApp Ireland was fined €225 million for not being transparent about how it shares user data with Facebook and how it handles non-user data. The Irish Data Protection Commission found that WhatsApp didn't give clear information to users and non-users about data practices. This case emphasizes the importance of transparency in data handling for tech companies.
What happened
WhatsApp Ireland failed to provide clear information about its data sharing practices with Facebook and its handling of non-user data.
Who was affected
WhatsApp users and non-users whose data was shared or processed without adequate transparency were affected.
What the authority found
The Irish Data Protection Commission ruled that WhatsApp violated GDPR's transparency requirements by not informing users and non-users about data processing practices.
Why this matters
This significant fine highlights the growing scrutiny on tech companies to be transparent about data use. Businesses should ensure they clearly communicate data practices to maintain user trust and comply with regulations.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Entities Involved
This DPC decision is the result of an own-volition inquiry pursuant to section 110 Data Protection Act 2018. It was prompted by various complaints sent by individual data subjects as well as a mutual assistance request from the German Federal Data Protection Authority concerning WhatsApp’s transparency obligations following the entry into force of the GDPR in May 2018. The inquiry focused on: # WhatsApp’s transparency obligations in the context of non-users under Articles 14 and 12(1) GDPR # WhatsApp’s transparency obligations in the context of users under Articles 13 and 12(1) GDPR. # WhatsApp’s transparency obligations in the context of its relationship with other Facebook Companies and any sharing of user data in the context of that relationship. Following an investigation lasting from December 2018 to December 2020, the DPC submitted a composite draft decision to other DPAs in accordance with Article 60 GDPR. On 24 December 2020, it referred the objections to the EDPB, as required by the Article 65(1)(a) dispute resolution mechanism. The EDPB then adopted its binding Article 65 GDPR decision on July 28 2021. Consequently, the DPC amended its draft to take into account the EDPB’s determination of the various objections from the other DPAs which it deemed to be “relevant and reasoned” for the purpose of Article 4(24) of the GDPR. Notably, it required the DPC to find that WhatsApp failed to comply with the key principle of transparency set out in Article 5(1)(a) GDPR, a matter it had not originally assessed. First, it found WhatsApp denied non-users their right to exercise control over their personal data by failing to provide them with the information prescribed by Article 14 GDPR. Second, it held WhatsApp failed to provide users with sufficiently meaningful information regarding nearly every category of information to be provided under Article 13 GDPR, making it impossible for them to adequately consider and exercise their data rights. Third, it included an
Related Enforcement Actions (0)
No other enforcement actions found for WhatsApp Ireland Limited in IE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 August 2021
Authority
Data Protection Commission
Fine Amount
€225,000,000
GDPRhub ID
gdprhub-3914About this data
Cite as: Cookie Fines. WhatsApp Ireland Limited - Ireland (2021). Retrieved from cookiefines.eu
Last updated: