Laws that may require us to process your information

Last updated, 16 February 2024
As described in our Privacy Policy, we process information when we comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others or where we are obligated under law to implement appropriate technical and organisational security measures. See below the current list of laws which are enforceable in Ireland that give rise to a legal obligation for WhatsApp which results in the processing of information. New laws may be enacted or other obligations may become binding on our processing of your information which may require us to process your information, and we will update this list from time to time.

Civil and Commercial Laws:

Court orders requiring the processing of information can be issued under:
  • Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
  • Council Regulation (EC) No 1206/2001 of 28 May 2001 on cooperation between the courts of the Member States in the taking of evidence in civil or commercial matters.

Criminal Laws:

Search warrants and production orders requiring the processing of information can be issued under:
  • Section 10 of the Criminal Justice (Miscellaneous Provisions) Act 1997 as amended by 6(1)(a) of the Criminal Justice Act 2006
  • Section 7 of the Child Trafficking and Pornography Act 1998
  • Section 14 of the Criminal Assets Bureau Act 1996
  • Section 63 Criminal Justice Act 1994, as amended
  • Section 15 of the Criminal Justice Act 2011
  • Section 7 Criminal Justice (Offences Relating to Information Systems) Act 2017
  • Section 48(2) and Section 52 of the Criminal Justice (Theft and Fraud Offences) Act 2001
  • Section 74 and Section 75 of the Criminal Law (Mutual Assistance) Act 2008
  • Section 96 of the Garda Síochána Act 2005
  • Section 51(6)(b) of the International Criminal Court Act 2006
  • Section 26 of the Misuse of Drugs Act 1977, as amended
  • Section 29 of the Offences Against the State Act 1939
  • Section 16 of the Official Secrets Act 1963
  • Section 25 of the Prevention of Corruption (Amendment) Act 2001

Consumer and Competition Laws:

Regulatory requests requiring the processing of information can be issued under:
  • Section 11, Section 18, and Section 36 of the Competition and Consumer Protection Act 2014.

Enabling interoperability with third party messaging services:

  • Article 7 of the Digital Markets Act.

Reviewing information and reports:

  • Chapters II and III of the Digital Services Act.

Corporate and Taxation Laws:

Regulatory requests requiring the processing of information can be issued under:
  • Section 787 of the Companies Act 2014.

Regulatory:

Regulatory requests requiring the processing of information can be issued under:
  • Chapters IV and VI of General Data Protection Regulation, Part 6 of the Data Protection Act 2018.
  • Article 11, Article 15, and Chapter V of the Digital Markets Act.
  • Article 9, Article 10, Article 18, and Chapter IV of the Digital Services Act.

Information Security Obligations:

Legal obligations to implement appropriate technical and organisational security measures:
  • Articles 5(1)(f), 25, and 32 of the General Data Protection Regulation.
  • Article 40 of the European Electronic Communications Code (established under Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018).
  • Regulation 4 of S.I. No. 336/2011 - European Communities (Electronic Communications Networks and Services)(Privacy and Electronic Communications) Regulations 2011.

Does this answer your question?

Yes
No