This document is an excerpt from the EUR-Lex website
Document 62021TN0709
Case T-709/21: Action brought on 1 November 2021 — WhatsApp Ireland v EDPB
Case T-709/21: Action brought on 1 November 2021 — WhatsApp Ireland v EDPB
Case T-709/21: Action brought on 1 November 2021 — WhatsApp Ireland v EDPB
OJ C 2, 3.1.2022, p. 50–50
(BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
3.1.2022 |
EN |
Official Journal of the European Union |
C 2/50 |
Action brought on 1 November 2021 — WhatsApp Ireland v EDPB
(Case T-709/21)
(2022/C 2/69)
Language of the case: English
Parties
Applicant: WhatsApp Ireland Ltd (Dublin, Ireland) (represented by: H.-G. Kamann, F. Louis, A. Vallery, lawyers, P. Nolan, B. Johnston, C. Monaghan, Solicitors, P. Sreenan, D. McGrath, C. Geoghegan and E. Egan McGrath, Barristers-at-Law)
Defendant: European Data Protection Board
Form of order sought
The applicant claims that the Court should:
— |
annul the decision 1/2021 of the European Data Protection Board (EDPB) of 28 July 2021, in total or, in the alternative, in its relevant parts, and |
— |
order the Defendant to pay the costs of the proceedings. |
Pleas in law and main arguments
In support of the action to annul the binding decision 1/2021 of the EDPB of 28 July 2021, on the dispute arisen on the draft decision of the Irish Supervisory Authority regarding WhatsApp Ireland under Article 65(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) (1), the applicant relies on seven pleas in law.
1. |
First plea in law, alleging that the EDPB exceeded its competence under Article 65 of GDPR. |
2. |
Second plea in law, alleging that the EDPB infringed Articles 13(1)(d) and 12(1) GDPR by interpreting and applying these provisions and WhatsApp’s transparency obligations excessively by requesting WhatsApp to provide unrequired information. |
3. |
Third plea in law, alleging that the EDPB infringed Article 4(1) GDPR by interpreting and applying this provision and the term ‘personal data’ excessively. |
4. |
Fourth plea in law, alleging the EDPB violated the presumption of innocence as enshrined in Article 48 of the Charter of Fundamental Rights of the EU by inappropriately shifting the burden of proof onto WhatsApp to demonstrate that its processing environment is such that the risks of re-identification of data subjects is purely speculative. |
5. |
Fifth plea in law, alleging that the EDPB infringed the right to good administration as enshrined in Article 41 of the Charter of Fundamental Rights of the EU by disregarding WhatsApp’s right to be heard and the EDPB’s obligations to carefully and impartially examine evidence and to adequately state reasons. |
6. |
Sixth plea in law, alleging that the EDPB violated Article 83 GDPR and various underlying principles governing the determination of fines under the GDPR. |
7. |
Seventh plea in law, alleging that the EDPB violated the principle of legal certainty by failing to acknowledge that its decision puts forward novel interpretations and applications of several provisions of the GDPR, with the consequence that the infringement was unpredictable. |
(1) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1)