Irish Data Protection Commission imposed penalty of 5.5 million euros on Whatsapp Ireland after finding that Whatsapp has violated General Data Protection Regulation.
The fine was imposed on whatsapp for forcing users to allow their personal data to be used to provide “service improvement and security”. However, whatsapp relied on contract as legal basis to process personal data.
European Data Protection Board (“EDPB”) however found that Whatapp inappropriately relied on contract as legal basis to process personal data. Consequently, EDPB instructed Irish Data Protection Commission to add an infringement of Article 6(1) GDPR and principle of fairness under article 5(1)(a) GDPR.