On May 11, a press release from Hamburg's Commissioner for Data Protection and Freedom of Information (DPA) explained that Facebook Ireland Ltd. had been prohibited from processing personal data from WhatsApp with immediate effect under the European Union's General Data Protection Regulation (EU GDPR). The release declared that upon evaluation, the commissioner found no legal basis for Facebook to process the data in question.
AndroidCentral reported that Hamburg's Commissioner for Data Protection and Freedom of Information Johannes Caspar's aim was to "prevent disadvantages and damage associated with such a black-box procedure." Caspar said that Facebook's recent data breach and the Cambridge Analytica scandal "show the extent and threats of mass profiling." Referencing Germany's upcoming election, Caspar added that profiling could be used to manipulate democratic decision-making processes.
Further, TechCrunch reported that a majority of users have already complied with WhatsApp's new terms although Facebook didn't disclose statistics. A WhatsApp spokesperson disputed the German regulators' decision, calling it a "fundamental misunderstanding of the purpose and effect of WhatsApp's update" Notably, the German regulators have invoked the GDPR's urgency procedure which can keep WhatsApp's predatory policy update at bay only for three months.
WhatsApp's spokesperson regurgitated policy clarifications the company circulated earlier before adding that "as the Hamburg DPA's claims are wrong, the order will not impact the continued roll-out of the update." This suggests that Facebook doesn't intend to comply with the DPA order. It would be interesting to observe how the European Data Protection Board, the Hamburg DPA, and Facebook arrive at a solution.