WhatsApp Ireland Ltd August 2021

Document

Cited authorities 17

Cited in

Section	Decisions made under data protection act 2018

In the matter of the General Data Protection Regulation

DPC Inquiry Reference: IN-18-12-2

In the matter of WhatsApp Ireland Limited

Decision of the Data Protection Commission made pursuant to Section 111 of the Data Protection

Act, 2018 and Articles 60 and 65 of the General Data Protection Regulation

Further to an own-volition inquiry commenced pursuant to Section 110 of the Data Protection Act,

2018

DECISION

Decision-Maker for the Commission:

Helen Dixon

________________________________

Commissioner for Data Protection

Dated the 20th day of August 2021

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, Ireland

Table of Contents

Introduction ................................................................................................................................ 7

Basis of Inquiry .................................................................................................................................... 7

Competence of the Commission ......................................................................................................... 8

The Inquiry ........................................................................................................................................ 10

Approach of the Decision-Maker ...................................................................................................... 10

Progression of the Decision-Making Stage ................................................................................... 11

Part 1: Transparency in the Context of Non-Users ....................................................................... 13

Introduction ...................................................................................................................................... 13

Relevant Provisions ....................................................................................................................... 13

The Inquiry Stage .............................................................................................................................. 13

The Decision-Making Stage ............................................................................................................... 18

Relevant Background and Findings of Fact ................................................................................... 18

The Questions for Determination ................................................................................................. 20

Legal Analysis – Questions (a) and (b) .......................................................................................... 21

Analysis and Discussion: Does the phone number of a non-user, prior to the applicatio n of the

lossy hashing process, constitute the personal data of that non-user? ........................................... 28

Finding: Does the phone number of a non-user, before the application of the lossy hashing

process, constitute the personal data of that non-user? ................................................................. 36

Analysis and Discussion: Does the phone number of a non-user, after the application of t he lossy

hashing process, constitute the personal data of that non-user? .................................................... 36

Finding: Does the phone number of a non-user, after the application of the lossy hashing process,

constitute the personal data of that non-user? ............................................................................... 40

Relevant Background and Legal Analysis – Question (c) .............................................................. 40

The Test to be Applied .................................................................................................................. 47

Analysis and Discussion: When processing the personal data of non-users, does WhatsApp do so

as a data controller or a data processor? ......................................................................................... 54

Finding: When processing the personal data of non-users, does WhatsApp do so as a data

controller or a data processor? ......................................................................................................... 55

Consequent Assessment of Compliance with the Requirements of Article 14 ............................ 56

Analysis and Discussion: Article 14 Exemptions and Non-Users .................................................. 56

Finding: The extent to which WhatsApp complies with its obligations to non-users pursuant to

Article 14 of the GDPR ...................................................................................................................... 62

Part 2: Transparency in the Context of Users .............................................................................. 62

Introduction ...................................................................................................................................... 62

Relevant Provisions ....................................................................................................................... 62

Review of the Materials being relied upon by WhatsApp ................................................................ 64

Methodology for Part 2: Assessment and Questions for Determination ......................................... 68

Assessment: Article 13(1)(a) – the identity and contact details of the controller............................ 75

Assessment of Decision-Maker: What information has been provided? ..................................... 76

Assessment of Decision-Maker: How has the information been provided? ................................ 77

Finding: Article 13(1)(a) – the identity and contact details of the controller ............................... 77

Assessment: Article 13(1)(b) – the contact details of the data protection officer, where applicable

.......................................................................................................................................................... 78

Assessment of Decision-Maker: What information has been provided? ..................................... 78

Assessment of Decision-Maker: How has the information been provided? ................................ 78

Finding: Article 13(1)(b) – the contact details of the data protection officer, where applicable . 78

Assessment: Article 13(1)(c) – the purposes of the processing for which the personal data are

intended as well as the legal basis for the processing ...................................................................... 79

Preliminary Issue: What information must be provided pursuant to Article 13(1)(c)? .................... 82

Conclusion – Preliminary Issue: What information must be provided pursuant to Article 13(1)(c)?

.......................................................................................................................................................... 87

Assessment: Application of the Proposed Approach to Article 13(1)(c) .......................................... 93

Identified Legal Basis 1: Contractual Necessity............................................................................. 94

Identified Legal Basis 2: Consent ................................................................................................ 100

Identified Legal Basis 3: Legitimate Interests ............................................................................. 102

Identified Legal Basis 4: Compliance with a Legal Obligation ..................................................... 106

Identified Legal Basis 5: The vital interests of the data subject or those o f another person ..... 110

Identified Legal Basis 6: Tasks carried out in the public interest ................................................ 111

Finding: Article 13(1)(c) – The purposes of the processing for which the personal data are

intended as well as the legal basis for the processing ................................................................ 114

Article 13(1)(d) – where applicable, the Legitimate Interests being pursued ................................ 114

Assessment of Decision-Maker: What information has been provided? ................................... 115

Assessment of Decision-Maker: How has the information been provided? .............................. 115

Finding: Article 13(1)(d) – where applicable, the Legitimate Interests being pursued .............. 116

Assessment: Article 13(1)(e) – the Recipients or Categories of Recipient ..................................... 119

Assessment of Decision-Maker: What information has been provided? ................................... 120

Assessment of Decision-Maker: How has the information been provided? .............................. 121

Finding: Article 13(1)(e) – the Recipients or Categories of Recipient ......................................... 121

Assessment: Article 13(1)(f) – Transfers of personal data to a third country ................................ 123

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

WhatsApp Ireland Ltd August 2021

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users