France: WhatsApp has no legal basis to share data with Facebook

Data privacy authority says WhatsApp has breached the Data Protection Act

WhatsApp has been handed an ultimatum by the French data protection watchdog that says it has one month to bring its data sharing policies in line with the country's privacy laws or it will face a substantial fine.

French data protection authority CNIL revealed on Monday that it had told WhatsApp it needed to review its procedures around the sharing of data with its parent company Facebook, particularly those linked to current policies for collecting consent from users.

CNIL said the social media site had failed in its obligation to work with the authority, and had no legal basis to share data with Facebook.

While the use of data sharing for security reasons is accepted by the French authority, the sharing of data for the use of improving application features, known as "business intelligence", can't be justified, according to today's statement.

"The President and the two Vice-Presidents of the CNIL have decided to publish this notice to ensure the highest level of transparency on the massive data transmission from a large number of users of WhatsApp to Facebook Inc. and thus alert to the need to put people in a position to maintain control of their data," a CNIL statement read.

"If the company does not comply with this formal notice within the time limit, the President may appoint a rapporteur who will propose if necessary to the restricted training of the CNIL, responsible for punishing breaches of the law, to impose a penalty."

WhatsApp has been locked in a regulatory battle with the European Union since it first announced it would be sharing user data with its parent company Facebook in 2016. The move raised immediate concerns among EU authorities that the process was automatic and that users were not being asked to give their consent.

WhatsApp was slapped with a warning in October 2016 after EU officials believed the company had done little to alleviate fears over its data sharing processes. A letter produced by the Article 29 Working Party, urged WhatsApp to halt its plans to share data until "appropriate legal protections can be assured".

The EU Commission would eventually hit Facebook with a 10 million fine in May this year for providing "misleading information" during the investigation into the company's acquisition of WhatsApp in 2014. Facebook had repeatedly told regulators that it would be impossible to automatically link Facebook profiles with WhatsApp accounts for the purpose of data sharing, something that was eventually implemented in 2016.

Today, the CNIL said that WhatsApp had failed to secure user consent for the sharing of data for "business intelligence" purposes and that while sharing of security data appeared to be fundamental to the functioning of the application, the sharing of data to improve features was not essential.

The CNIL added that "the only way to refuse the data transfer for "business intelligence" purpose is to uninstall the application".

WhatsApp has been repeatedly asked to provide a sample of data from French users, however the company has so far refused, as "the company has indicated that it is unable to provide this information to the extent that, being United States, it considers itself subject only to the legislation of that country," according to the statement.

While the ongoing dispute has so far only involved minor fines, the impending changes under GDPR will mean French data protection authorities will be able to issue sanctions of up to 4% of a company's global turnover.

Image: Bigstock

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020

Most Popular

WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021