This briefing assesses what the recent WhatsApp fine illuminates about the EU’s system of GDPR enforcement. The size of the fine is impressive, and the case could potentially lead to wide-reaching changes in how companies present information to users. However, it seems less likely that the case will meaningfully improve citizens’ control of their personal data. The narrow transparency focus of the investigation, combined with its prolonged duration, will limit the case’s effectiveness for upholding citizens’ rights. The case also highlights the weaknesses in the EU’s “One Stop Shop” system of GDPR enforcement. Ultimately, the case demonstrates that the EU’s system of GDPR enforcement is not working as effectively as it should be.