European Union: Opened DPC investigation into WhatsApp's delivery of services compliance with GDPR

On 25 May 2018, the Data Protection Commission Ireland (DPC) opened an investigation into WhatsApp's delivery of services compliance with the General Data Protection Regulation (GDPR), after receiving a complaint from a German data subject. The complaint stated that when GDPR was implemented, WhatsApp required its users to "agree and continue" to its updated Terms of Service to use its services. WhatsApp argued that the users, by accepting the terms, entered into a contract with the company, offering a lawful basis for processing users' data. The users that would not accept the updated Terms of Service could not access WhatsApp. The complaint contested the use of contract as a legal basis for processing data and argued that WhatsApp was asking for users' consent as a basis for legal processing of data and claimed that by restricting access, it was "forcing" users to consent to the processing of their personal data.