EU has "serious concerns" over WhatsApp data sharing

The European Commission has delivered a letter to WhatsApp demanding greater clarity

WhatsApp, Web app, Messaging

Concerns have once again been raised over the way WhatsApp handles its users' private data, this time from the European Commission.

The messaging app has already been hit with a sharing ban by German regulators after the company changed its terms and conditions to allow an exchange of data between itself and parent company Facebook.

Advertisement - Article continues below

Now the Article 29 Working Party (WP29), a European Commission body with representatives from each member state's data protection regulator, has delivered a letter to WhatsApp CEO Jan Koum expressing "serious concerns" over the new terms and conditions announced in August.

Signed by chairwoman Isabelle Falque-Pierrotin, the letter urges WhatsApp to stop plans to share data until "the appropriate legal protections can be assured", including full compliance with EU legislation.

"Given the popularity of the messaging service these changes may affect many citizens in all EU member states and have created great uncertainty among users and non-users of the service," the letter read.

The WP29 has insisted that WhatsApp hand over information related to the data-sharing scheme. This includes the categories of data, such as names or telephone numbers, and the source of the stored information, which could include user phones or company servers.

"The WP29 has serious concerns regarding the manner in which the information relating to the updated Terms of Service and Privacy Policy was provided to users and consequently about the validity of users' consent."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The group, which includes the UK's Information Commissioner's Office (ICO), expressed doubts that effective "control mechanisms" were in place to allow "users to exercise their rights" and raised concerns about the effects this change would have on "people that are not a user of any other service within the Facebook family of companies."

The commission has also requested "a list of recipients of the data and the effects if the data transfer on users and potential third persons", to ensure the company is complying with EU legal frameworks.

"We're working with data protection authorities to address their questions," said a WhatsApp spokesman in an email to IT Pro. "We've had constructive conversations, including before our update, and we remain committed to respecting applicable law."

Since news of the letter surfaced, Italy's antitrust watchdog announced on Friday that it would launch an independent investigation to assess whether WhatsApp led users to believe sharing data with Facebook was required to continue using the service, according to Reuters

Advertisement - Article continues below

The ICO launched its own separate investigation into the data-sharing deal between WhatsApp and Facebook in August. ICO has declined to share information on how long the invesitgation will last.

This article was originally published on 28 October at 12:15pm, and was updated on 31 October with news of the Italian investigation.

27/09/2016:  German regulators ban WhatsApp from sharing data with Facebook

WhatsApp has been banned from sharing data with Facebook by German regulators.

The messaging platform changed its terms and conditions last month. The updated policy allows the company to exchange certain user details - including their phone numbers - with parent company Facebook.

This move was roundly criticised by privacy campaigners, particularly since WhatsApp had previously garnered goodwill with end-to-end encryption and a complete lack of advertising.

Hamburg's data protection commissioner has officially struck down the deal, issuing an administrative order which completely prohibits any transfer of information between the two companies. Facebook has also been ordered to destroy any data that has already been forwarded.

Advertisement - Article continues below

"After the acquisition of WhatsApp by Facebook two years ago, both parties have publicly assured that data will not be shared between them," a statement read. "The fact that this is now happening is not only a misleading of their users and the public, but also constitutes an infringement of national data protection law."

"This administrative order protects the data of about 35 million WhatsApp users in Germany," commissioner Johannes Caspar said. "It has to be their decision, whether they want to connect their account with Facebook. Therefore, Facebook has to ask for their permission in advance. This has not happened."

Caspar also raised concerns about the privacy of individuals whose contact details may be stored in the address books of WhatsApp users, despite having no connection to the service themselves.

Germany is not the only country whose regulators are troubled by the deal. The UK's Information Commissioner's Office has also promised to look into the matter, threatening to "pull back the curtain" on the relationship between the two companies.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/security/phishing/355120/hackers-pose-as-three-to-exploit-high-data-demand
phishing

Hackers target Three customers with "sophisticated" phishing scam

26 Mar 2020