Content Assessment: Whats Up with WhatsApp? Data Protection Commission of Ireland Announces Decision
Information - 90%
Insight - 90%
Relevance - 85%
Objectivity - 85%
Authority - 90%
A short percentage-based assessment of the qualitative benefit of the post highlighting the DPC Ireland's decision into WhatsApp inquiry.
Editor’s Note: The Data Protection Commission (DPC) is the Irish supervisory authority for the General Data Protection Regulation (GDPR). It also has functions and powers related to other critical regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive. The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities. From time to time, ComplexDiscovery highlights publicly available information from these organizations to ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.
Data Protection Commission Announces Decision in WhatsApp Inquiry
The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into WhatsApp Ireland Ltd. The DPC’s investigation commenced on 10 December 2018 and it examined whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service. This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.
Following a lengthy and comprehensive investigation, the DPC submitted a draft decision to all Concerned Supervisory Authorities (CSAs) under Article 60 GDPR in December 2020. The DPC subsequently received objections from eight CSAs. The DPC was unable to reach consensus with the CSAs on the subject-matter of the objections and triggered the dispute resolution process (Article 65 GDPR) on 3 June 2021.
On 28 July 2021, the European Data Protection Board (EDPB) adopted a binding decision and this decision was notified to the DPC. This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp.
In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.
The EDPB has published the Article 65 decision and the final decision on its website (click here).
* Copyrighted information note shared by permission according to the Re-use of Public Section Information
EDPB Binding Decision 202101 - WhatsApp
- The Data Protection Commission (DPC) Ireland
- Luck of the Irish? Data Protection Commission of Ireland Publishes Annual Report