If you are in the EU or UK, you have the legal right to see the data WhatsApp holds about you, correct it, delete it, move it to another service, or object to certain uses, including any use of your data based on WhatsApp's claimed legitimate interests.
This analysis describes what WhatsApp's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights, enforceable under GDPR, give EU and UK users meaningful control over their personal data held by WhatsApp, including the ability to object to data processing for purposes beyond core service delivery.
The updated policy removes an unconditional statement of intent and replaces it with conditional language: 'We have no intention to introduce them, but if we ever do, we will update this Privacy Policy.' This revision reserves WhatsApp's right to introduce ad formats in Status and Channels in the future, subject only to updating the privacy policy at that time. The prior language established a stronger commitment; the updated language is more permissive. No specific consumer action is required; the change is informational regarding WhatsApp's future flexibility on advertising formats.
View change record →The updated terms no longer state that WhatsApp has no intention to introduce ads in Status and Channels. Instead, the revised language indicates that if ads are introduced in these features, WhatsApp will update its privacy policy to reflect the change. This means the company has reserved the option to add ads to Status and Channels in the future, subject to policy update notification.
View change record →The updated policy now explicitly discloses that users 'may see other types of ads in Status and Channels,' whereas the prior language stated WhatsApp had 'no intention to introduce' new ad types. This represents a shift from a stated commitment not to expand advertising toward an explicit acknowledgment that new ad categories may appear on WhatsApp's social features. The policy also updated its regional privacy guidance by removing a reference to Thai Personal Data Protection Act rights and adding a new section directing US residents to WhatsApp's United States Regional Privacy Notice for information about their consumer privacy rights under US law.
View change record →EU and UK users can exercise formal legal rights to access, correct, delete, or export their WhatsApp data, and can object to processing based on legitimate interests; these rights are enforceable through the Irish Data Protection Commission if WhatsApp does not respond adequately.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
WhatsApp has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are a WhatsApp user located in the European Region, you may access, rectify, port and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party.— Excerpt from WhatsApp's WhatsApp Privacy Policy
REGULATORY LANDSCAPE: This provision directly reflects rights established under GDPR Articles 15 through 22, including access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), portability (Article 20), and objection (Article 21). The UK GDPR imposes equivalent rights for UK users. WhatsApp Ireland Limited is the data controller for EU users, with the Irish DPC as lead supervisory authority. Non-compliance with data subject rights requests is subject to enforcement under GDPR Article 77 (right to lodge complaints) and Articles 83-84 (administrative fines). GOVERNANCE EXPOSURE: Medium. The obligation to respond to data subject rights requests within GDPR-mandated timeframes (generally one month, extendable by two months for complex requests) creates operational requirements for WhatsApp's compliance infrastructure. Organizations that deploy WhatsApp for business purposes may receive indirect requests from their own customers or employees seeking to exercise rights over data processed via WhatsApp Business. JURISDICTION FLAGS: EU and UK users have the highest level of enforceable rights under this provision. Users in other jurisdictions (US non-California, Asia, Latin America) have fewer enforceable rights under this specific provision, though some may have rights under national law. California residents have parallel but distinct rights under CCPA/CPRA. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers using WhatsApp Business API should ensure their data processing agreements with Meta address how data subject rights requests flowing through business accounts will be managed, including response timelines and the allocation of controller and processor responsibilities. COMPLIANCE CONSIDERATIONS: Legal teams should verify that WhatsApp's documented procedures for handling data subject rights requests are operational and within GDPR response timelines. Organizations that process employee or customer data through WhatsApp should assess whether they have independent obligations to respond to rights requests that cannot be delegated to WhatsApp.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights, enforceable under GDPR, give EU and UK users meaningful control over their personal data held by WhatsApp, including the ability to object to data processing for purposes beyond core service delivery.
EU and UK users can exercise formal legal rights to access, correct, delete, or export their WhatsApp data, and can object to processing based on legitimate interests; these rights are enforceable through the Irish Data Protection Commission if WhatsApp does not respond adequately.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by WhatsApp.