The European Court of Justice has rejected WhatsApp’s challenge to reverse a previous judgment.

The European Court of Justice deemed WhatsApp’s appeal of a decision by the European Data Protection Board to be inappropriate in a statement issued on Wednesday.

In 2021, the Irish Data Protection Commission (DPC) issued corrective measures and fines against WhatsApp totalling around €230 million due to complaints about WhatsApp’s use of private data in Ireland and a ruling by the European Data Protection Board (EDPB).

Conclusion

Meta is feeling the pressure from Europe’s much-touted data protection framework. The Irish DPC, WhatsApp’s primary data supervisor in the European Union, has been looking into the Meta-owned messaging service since December 2018.

Several months prior, the first complaints were lodged against WhatsApp’s handling of user data and (lack of) compliance with the General Data Protection Regulation (GDPR), which was implemented in May 2018.

WhatsApp recently challenged the EDPB’s ruling in the European Court, asking the court to reverse the decision. However, the court concluded that WhatsApp’s actions were not permitted. WhatsApp can challenge the European Court’s decision before a national court.

What’s next for WhatsApp?

Given that Meta is already challenging the DPC’s fine in Ireland, the European Court noted that allowing the appeal to be heard would result in two legal proceedings running concurrently.

The EDPB’s involvement in the case halved the amount of time WhatsApp was given to carry out corrective actions from six to three months. Its influence on final judgments can be substantial, especially in more complicated, contentious GDPR cases.

Although the EDPB is crucial to maintaining GDPR enforcement, the data protection commission of the country that an organization operates in ultimately decides on the cases it initiates. In this case, that’s the Irish DPC. The only requirement is that the final judgment must consider any binding decisions made by the EDPB.