WhatsApp Ireland fined record €225 million by Data Protection Commission

It's the largest fine the DPC has ever issued.

WhatsApp Ireland has been fined a total of €225 million following an investigation by the Data Protection Commission into GDPR transparency. It represents the largest fine that the DPC has ever issued and the second largest ever given out against a company under European Union data laws. The investigation sought to determine precisely how WhatsApp shares data with both users and non-users of its service, including information provided to other Facebook-owned social media platforms. Having initially commenced in December of 2018, the investigation concluded two years later, with the DPC submitting a draft decision to all Concerned Supervisory Authorities (CSAs) under Article 60 of the EU GDPR Act. Following this submission, the DPC received objections from eight CSAs. Unable to reach a consensus on the outlined objections, the DPC triggered the dispute resolution process as underlined by Article 65 of the EU GDPR Act on 3 June, 2021. At the end of July, the European Data Protection Board (EDPB) adopted a "binding decision", instructing the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB's decision. Following this, the figure of €225 million was decided upon. The DPC has also formally reprimanded WhatsApp Ireland while calling for the service to take "a range of remedial actions" in order to bring its processing into a state of compliance.