IETransparencyTechnologyDecision: 2021-09-02

WhatsApp Ireland

€225.0M

Issued by Data Protection Commission (DPC) on 2021-09-02

What happened

The DPC fined WhatsApp €225 million for failing to provide transparent information to users and non-users about how it processes personal data. The investigation found that WhatsApp's privacy policy did not clearly explain data sharing with Facebook, processing purposes, and the legal basis for processing non-users' data obtained through contact uploads.

Articles violated

Art. 12 GDPRArt. 13 GDPRArt. 14 GDPR

Lessons learned

Privacy policies must be written in clear, plain language that users can actually understand. Data sharing between group entities must be explicitly disclosed. Companies must also inform non-users when their data is being processed (e.g., through contact list uploads). Transparency obligations extend beyond registered users.

Source

View original decision

Disclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.

Get enforcement alerts for Technology

We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.

Related enforcement actions

IE€345.0M

TikTok

Data Protection Commission (DPC) · Data Subject Rights

Read case

FR€40.0M

Criteo SA

Commission Nationale de l'Informatique et des Libertés (CNIL) · Consent Violation

Read case

SE€5.0M

Spotify AB

Integritetsskyddsmyndigheten (IMY) · Data Subject Rights

Read case