On September 2, 2021, the Irish Data Protection Authority (DPA) has imposed a fine of €225 million on WhatsApp.
On July 15, 2021, the European Data Protection Baord (EDPB) adopted its first urgent binding decision in application of Art. 66(2) GDPR following a request from the Hamburg supervisory authority.
However, under article 66 GDPR, as the Irish supervisory authority is the the lead supervisory authority in this matter, the Hamburg Authority needed the validation of the EDPB for these provisional measures to become final.
The EDPB rejected the Hamburg Auhtority’s request but requires further investigations to be carried out on Facebook and Whatsapp Ireland.
The Guardian has recently revealed that there were vulnerabilities into the Whatsapp encryption system. Indeed, because of re-sending system that would change the encryption keys each time a user reply to a message, government agencies could access any message sent.