France: WhatsApp has no legal basis to share data with Facebook

Data privacy authority says WhatsApp has breached the Data Protection Act

WhatsApp has been handed an ultimatum by the French data protection watchdog that says it has one month to bring its data sharing policies in line with the country's privacy laws or it will face a substantial fine.

French data protection authority CNIL revealed on Monday that it had told WhatsApp it needed to review its procedures around the sharing of data with its parent company Facebook, particularly those linked to current policies for collecting consent from users.

Advertisement - Article continues below

CNIL said the social media site had failed in its obligation to work with the authority, and had no legal basis to share data with Facebook.

While the use of data sharing for security reasons is accepted by the French authority, the sharing of data for the use of improving application features, known as "business intelligence", can't be justified, according to today's statement.

"The President and the two Vice-Presidents of the CNIL have decided to publish this notice to ensure the highest level of transparency on the massive data transmission from a large number of users of WhatsApp to Facebook Inc. and thus alert to the need to put people in a position to maintain control of their data," a CNIL statement read.

Advertisement
Advertisement - Article continues below

"If the company does not comply with this formal notice within the time limit, the President may appoint a rapporteur who will propose if necessary to the restricted training of the CNIL, responsible for punishing breaches of the law, to impose a penalty."

Advertisement - Article continues below

WhatsApp has been locked in a regulatory battle with the European Union since it first announced it would be sharing user data with its parent company Facebook in 2016. The move raised immediate concerns among EU authorities that the process was automatic and that users were not being asked to give their consent.

WhatsApp was slapped with a warning in October 2016 after EU officials believed the company had done little to alleviate fears over its data sharing processes. A letter produced by the Article 29 Working Party, urged WhatsApp to halt its plans to share data until "appropriate legal protections can be assured".

The EU Commission would eventually hit Facebook with a 10 million fine in May this year for providing "misleading information" during the investigation into the company's acquisition of WhatsApp in 2014. Facebook had repeatedly told regulators that it would be impossible to automatically link Facebook profiles with WhatsApp accounts for the purpose of data sharing, something that was eventually implemented in 2016.

Advertisement - Article continues below

Today, the CNIL said that WhatsApp had failed to secure user consent for the sharing of data for "business intelligence" purposes and that while sharing of security data appeared to be fundamental to the functioning of the application, the sharing of data to improve features was not essential.

The CNIL added that "the only way to refuse the data transfer for "business intelligence" purpose is to uninstall the application".

WhatsApp has been repeatedly asked to provide a sample of data from French users, however the company has so far refused, as "the company has indicated that it is unable to provide this information to the extent that, being United States, it considers itself subject only to the legislation of that country," according to the statement.

While the ongoing dispute has so far only involved minor fines, the impending changes under GDPR will mean French data protection authorities will be able to issue sanctions of up to 4% of a company's global turnover.

Image: Bigstock

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/355337/ico-will-reduce-gdpr-fines-due-to
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
Visit/security/privacy/355304/nhs-working-with-apple-google-coronavirus-tracking-app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Visit/policy-legislation/data-protection/355250/health-sites-sharing-users-medical-data-with-major-tech
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/server-storage/servers/356083/the-best-server-solution-for-your-smb
Sponsored

The best server solution for your SMB

26 Jun 2020