The Data Protection Commission (DPC) has fined WhatsApp Ireland an additional €5.5 million over breaches of Europe’s data protection framework and substantively revised its original ruling under instruction from Europe’s overarching privacy regulator.

On Thursday, the DPC – Meta and its platforms’ main supervisory authority in Europe – announced it has adopted a binding resolution of the European Data Protection Board (EDPB). The board found that contrary to the DPC’s original 2021 ruling, WhatsApp is not entitled to rely on the legal basis it currently use to justify data collection within the European Union.