On September 2, 2021, the Irish Data Protection Authority (DPA) has imposed a fine of €225 million on WhatsApp.
Whatsapp – GDPR : The Irish DPA Issues a €225 million Fine for Lack of Transparency

On September 2, 2021, the Irish Data Protection Authority (DPA) has imposed a fine of €225 million on WhatsApp.
On July 15, 2021, the European Data Protection Baord (EDPB) adopted its first urgent binding decision in application of Art. 66(2) GDPR following a request from the Hamburg supervisory authority.
In this case, the Hambourg Authority ordered a ban on processing WhatsApp users’ data by Facebook Ireland for their own purposes following a change in the Terms of Service and Privacy Policy applicable to European users of WhatsApp Ireland Ltd.
However, under article 66 GDPR, as the Irish supervisory authority is the the lead supervisory authority in this matter, the Hamburg Authority needed the validation of the EDPB for these provisional measures to become final.
The EDPB rejected the Hamburg Auhtority’s request but requires further investigations to be carried out on Facebook and Whatsapp Ireland.
The European Data Protection Board (“EDPB”) has recently released new draft guidelines on personal data breach notification.
These new guidelines complement the previous and more general guidelines on the same subject that were issued by the EDPB, then the article 29 Working Party, in October 2017 (see here for more details)
Although quite comprehensive, the previous guidelines lacked practical details in certain regards as they were drafted at a time where the authorities and organisations did not have much experience of personal data breach notification. More than two years later, the EDPB has decided to provide guidelines made up of practical examples taken from their experiences.
During its 40th and 41st plenary sessions that took place in November, the European data protection board (EDBP) adopted the following recommendations: – Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal
The European Data Protection Board (EDPB), a Board reuniting all the EU data protection authorities, met for its 40th plenary session on October 21. During this meeting, the EDPB : adopted the final version of the Guidelines on Data Protection