On Thursday, the Irish Data Protection Commission (DPC) fined WhatsApp, a Meta company, €5.5 million for breaching data protection rules when processing users’ personal information.
The ruling is based on an update to the Terms of Service of the platform that was implemented in the days leading up to the General Data Protection Regulation (GDPR implementation)‘s in May 2018, requiring users to agree to the revised terms to continue using the service or risk losing access.

According to the complaint filed by the privacy non-profit NOYB, WhatsApp violated the regulation by forcing its users to “consent to the processing of their data for service improvement and security” by “making the accessibility of its services conditional on users accepting the updated Terms of Service.”

“WhatsApp Ireland is not permitted to rely on the contract legal basis for the supply of service improvement and security,” the DPC stated in a statement, adding that the data acquired so far violates GDPR.

WhatsApp Violating Data Protection Laws

In addition to the penalties, the messaging app was ordered to bring its operations into conformity within six months. It’s worth noting that Meta’s European headquarters are located in Dublin.

WhatsApp Violating Data Protection Laws

On the other hand, the DPC said that it has no plans to examine whether WhatsApp uses user information for advertising, calling it “open-ended and speculative.” NOYB responded by criticizing the authorities for failing to act on it.

“WhatsApp claims to be encrypted, but this only applies to the content of conversations, not the metadata,” NOYB’s Max Schrems said. “WhatsApp still knows who you talk to the most and when. This helps Meta have a thorough awareness of the social web surrounding you.”

“Meta utilizes this information to, for example, tailor adverts to friends who are already interested in,” Schrems said further. Despite 4.5 years of research, the DPC has refused to decide on this subject. ”

WhatsApp received significant backlash in early 2021 when it announced a similar update to its privacy policy that required users to accept the changes in order to continue using the service, prompting the European Commission to issue a warning, urging the company to “clearly inform” consumers of its business model.

“In particular, WhatsApp is encouraged to demonstrate how it intends to communicate any future updates to its terms of service and to do so in such a way that consumers can easily understand the implications of such updates and freely decide whether or not to continue using WhatsApp after these updates,” the Commission stated in June 2022.

Get your Cybersecurity Self-Assessment Today!

Furthermore, WhatsApp has already come under fire for changing its data-sharing methods with parent firm Meta (formerly Facebook) for ad targeting. The European Union penalized Facebook €110 million in 2017 for “providing erroneous or misleading information” during its investigation into the merger after the purchase of WhatsApp in 2014.

The new fine comes just two weeks after the DPC fined Meta €390 million for misusing user data to deliver personalized ads on Facebook and Instagram. The company has been given three months to establish a sufficient legal basis for processing personal data for behavioural advertising.

Is WhatsApp Violating Data Protection Laws? What do you say?


Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center