France: WhatsApp has no legal basis to share data with Facebook

Data privacy authority says WhatsApp has breached the Data Protection Act

WhatsApp has been handed an ultimatum by the French data protection watchdog that says it has one month to bring its data sharing policies in line with the country's privacy laws or it will face a substantial fine.

French data protection authority CNIL revealed on Monday that it had told WhatsApp it needed to review its procedures around the sharing of data with its parent company Facebook, particularly those linked to current policies for collecting consent from users.

CNIL said the social media site had failed in its obligation to work with the authority, and had no legal basis to share data with Facebook.

While the use of data sharing for security reasons is accepted by the French authority, the sharing of data for the use of improving application features, known as "business intelligence", can't be justified, according to today's statement.

"The President and the two Vice-Presidents of the CNIL have decided to publish this notice to ensure the highest level of transparency on the massive data transmission from a large number of users of WhatsApp to Facebook Inc. and thus alert to the need to put people in a position to maintain control of their data," a CNIL statement read.

"If the company does not comply with this formal notice within the time limit, the President may appoint a rapporteur who will propose if necessary to the restricted training of the CNIL, responsible for punishing breaches of the law, to impose a penalty."

WhatsApp has been locked in a regulatory battle with the European Union since it first announced it would be sharing user data with its parent company Facebook in 2016. The move raised immediate concerns among EU authorities that the process was automatic and that users were not being asked to give their consent.

WhatsApp was slapped with a warning in October 2016 after EU officials believed the company had done little to alleviate fears over its data sharing processes. A letter produced by the Article 29 Working Party, urged WhatsApp to halt its plans to share data until "appropriate legal protections can be assured".

The EU Commission would eventually hit Facebook with a 10 million fine in May this year for providing "misleading information" during the investigation into the company's acquisition of WhatsApp in 2014. Facebook had repeatedly told regulators that it would be impossible to automatically link Facebook profiles with WhatsApp accounts for the purpose of data sharing, something that was eventually implemented in 2016.

Today, the CNIL said that WhatsApp had failed to secure user consent for the sharing of data for "business intelligence" purposes and that while sharing of security data appeared to be fundamental to the functioning of the application, the sharing of data to improve features was not essential.

The CNIL added that "the only way to refuse the data transfer for "business intelligence" purpose is to uninstall the application".

WhatsApp has been repeatedly asked to provide a sample of data from French users, however the company has so far refused, as "the company has indicated that it is unable to provide this information to the extent that, being United States, it considers itself subject only to the legislation of that country," according to the statement.

While the ongoing dispute has so far only involved minor fines, the impending changes under GDPR will mean French data protection authorities will be able to issue sanctions of up to 4% of a company's global turnover.

Image: Bigstock

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

WhatsApp flaw leaves users open to 'shoulder surfing' attacks
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020