EU has "serious concerns" over WhatsApp data sharing

The European Commission has delivered a letter to WhatsApp demanding greater clarity

WhatsApp, Web app, Messaging

Concerns have once again been raised over the way WhatsApp handles its users' private data, this time from the European Commission.

The messaging app has already been hit with a sharing ban by German regulators after the company changed its terms and conditions to allow an exchange of data between itself and parent company Facebook.

Advertisement - Article continues below

Now the Article 29 Working Party (WP29), a European Commission body with representatives from each member state's data protection regulator, has delivered a letter to WhatsApp CEO Jan Koum expressing "serious concerns" over the new terms and conditions announced in August.

Signed by chairwoman Isabelle Falque-Pierrotin, the letter urges WhatsApp to stop plans to share data until "the appropriate legal protections can be assured", including full compliance with EU legislation.

"Given the popularity of the messaging service these changes may affect many citizens in all EU member states and have created great uncertainty among users and non-users of the service," the letter read.

The WP29 has insisted that WhatsApp hand over information related to the data-sharing scheme. This includes the categories of data, such as names or telephone numbers, and the source of the stored information, which could include user phones or company servers.

"The WP29 has serious concerns regarding the manner in which the information relating to the updated Terms of Service and Privacy Policy was provided to users and consequently about the validity of users' consent."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The group, which includes the UK's Information Commissioner's Office (ICO), expressed doubts that effective "control mechanisms" were in place to allow "users to exercise their rights" and raised concerns about the effects this change would have on "people that are not a user of any other service within the Facebook family of companies."

The commission has also requested "a list of recipients of the data and the effects if the data transfer on users and potential third persons", to ensure the company is complying with EU legal frameworks.

"We're working with data protection authorities to address their questions," said a WhatsApp spokesman in an email to IT Pro. "We've had constructive conversations, including before our update, and we remain committed to respecting applicable law."

Since news of the letter surfaced, Italy's antitrust watchdog announced on Friday that it would launch an independent investigation to assess whether WhatsApp led users to believe sharing data with Facebook was required to continue using the service, according to Reuters

Advertisement - Article continues below

The ICO launched its own separate investigation into the data-sharing deal between WhatsApp and Facebook in August. ICO has declined to share information on how long the invesitgation will last.

This article was originally published on 28 October at 12:15pm, and was updated on 31 October with news of the Italian investigation.

27/09/2016:  German regulators ban WhatsApp from sharing data with Facebook

WhatsApp has been banned from sharing data with Facebook by German regulators.

The messaging platform changed its terms and conditions last month. The updated policy allows the company to exchange certain user details - including their phone numbers - with parent company Facebook.

This move was roundly criticised by privacy campaigners, particularly since WhatsApp had previously garnered goodwill with end-to-end encryption and a complete lack of advertising.

Hamburg's data protection commissioner has officially struck down the deal, issuing an administrative order which completely prohibits any transfer of information between the two companies. Facebook has also been ordered to destroy any data that has already been forwarded.

Advertisement - Article continues below

"After the acquisition of WhatsApp by Facebook two years ago, both parties have publicly assured that data will not be shared between them," a statement read. "The fact that this is now happening is not only a misleading of their users and the public, but also constitutes an infringement of national data protection law."

"This administrative order protects the data of about 35 million WhatsApp users in Germany," commissioner Johannes Caspar said. "It has to be their decision, whether they want to connect their account with Facebook. Therefore, Facebook has to ask for their permission in advance. This has not happened."

Caspar also raised concerns about the privacy of individuals whose contact details may be stored in the address books of WhatsApp users, despite having no connection to the service themselves.

Germany is not the only country whose regulators are troubled by the deal. The UK's Information Commissioner's Office has also promised to look into the matter, threatening to "pull back the curtain" on the relationship between the two companies.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement
Advertisement

Recommended

Visit/policy-legislation/general-data-protection-regulation-gdpr/355337/ico-will-reduce-gdpr-fines-due-to
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
Visit/security/privacy/355304/nhs-working-with-apple-google-coronavirus-tracking-app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Visit/policy-legislation/data-protection/355250/health-sites-sharing-users-medical-data-with-major-tech
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/server-storage/high-performance-computing-hpc/355916/inside-the-hawk-supercomputer
high-performance computing (HPC)

AMD virtual tour takes us inside Europe's Hawk supercomputer

4 Jun 2020