On 19 August 2022, the Irish Data Protection Commission (DPC) referred to the European Data Protection Board the case of WhatsApp’s services compliance with the General Data Protection Regulation (GDPR). Before referring it to the EDPB, the DPC had initiated an investigation into the company after receiving a complaint from a German data subject. The complaint stated that when GDPR was implemented, WhatsApp required its users to "agree and continue" to its updated Terms of Service to use its services. WhatsApp argued that the users, by accepting the terms, entered into a contract with the company, offering a lawful basis for processing users' data. The users that would not accept the updated Terms of Service could not access WhatsApp. The complaint contested the use of contract as a legal basis for processing data and argued that WhatsApp was asking for users' consent as a basis for legal processing of data and claimed that by restricting access, it was "forcing" users to consent to the processing of their personal data.
Original source