WhatsApp secures permission to challenge €225 million GDPR fine

The company has been granted the power to challenge Ireland’s fine over the way it shares user data
Image: Shutterstock via Denis Publishing

10 November 2021

WhatsApp has secured permission in Ireland’s High Court to challenge the Data Protection Commission’s (DPC) decision to fine the company €225 million in August over its lack of transparency in the way it shares user data.

Justice Anthony Barr agreed to grant the Facebook-owned company permission to bring its challenge, and adjourned the matter to next month, as reported by The Journal.

WhatsApp is aiming to quash the DPC’s decision and seek declarations from the court, which include that certain parts of the 2018 Data Protection Act are invalid and unconstitutional and are incompatible with Ireland’s obligations under the European Convention on Human Rights.




The DPC issued WhatsApp with a penalty in August, which was approved by the European Data Protection Board (EDPB), after a two-year investigation which found the company had been unclear in the way it processed and shared data with Facebook, as well as between WhatsApp and other Facebook-owned companies.

The investigation found that the company violated Article 14 of GDPR, which states that data controllers must provide data subjects with sufficient information about the way data is collected and processed.

The DPC’s draft findings from last December outlined the fine should be between €30 million and €50 million before the EDPB issued a binding decision in July with a “clear instruction” for the watchdog to increase its provisional fine. The DPC raised it several times higher, and issued requirements for WhatsApp to take steps to improve its GDPR compliance as well.

In September, campaigners claimed that the DPC was failing to process a surging backlog of hundreds of GDPR cases against big tech firms which was hindering pan-European data protection enforcement as a result. In the three years between May 2018 and May 2021 the data regulator only sent four draft decisions to the EPDB for examination and approval.

The report called the country “the big EU bottleneck” and said EU GDPR enforcement is “paralysed” due to Ireland’s failure to deliver draft decisions on cross-border cases.

Future Publishing

Read More:

Back to Top ↑