WhatsApp stops sharing data with Facebook
Messaging platform will wait until it can be sure doing so is compliant with GDPR
WhatsApp has agreed to suspend data-sharing with Facebook after an investigation revealed it actually had no legal reason to share customers' information with the social network.
The messaging platform has now signed an 'undertaking' committing to stop sharing data with its parent company until they can do so in compliance with the EU's upcoming General Data Protection Regulation (GDPR), which requires companies to find a legal basis for collecting or processing people's personal information.
The Information Commissioner's Office (ICO) was also quick to point out that were Whatsapp to have shared UK personal data with Facebook, it would be infringing the first and second principles of the Data Protection Act. Additionally, under GDPR Whatsapp would face heavy financial penalties for doing so.
Information commissioner Elizabeth Denham found three reasons WhatsApp should not share data with Facebook: the free messaging platform has not identified a lawful reason why it needs to give Facebook people's data, it hasn't given enough information to users about how it processes their data, and sharing existing data with the social network was "incompatible" with the reasons it originally captured the data.
"I am pleased to state that WhatsApp has now signed an undertaking' wherein they have given a public commitment not to share personal data with Facebook until they can do so in compliance with the upcoming General Data Protection Regulation (GDPR), which comes into force in May this year," Denham said.
She also said WhatsApp hadn't shared any UK user data with Facebook and so decided not to impose a penalty on the firm as it wasn't a direct infringement of the Data Protection Act. WhatsApp had simply acted as a 'data processor', which is allowed under data protection law, as long as it's done lawfully and doesn't interfere with people's human rights.
"I therefore compliment WhatsApp in signing this undertaking, which I believe will build trust amongst their many UK users," Denham explained. "I would also like to stress that signing an undertaking is not the end of story and I will closely monitor WhatsApp's adherence to it."
The ICO's investigation was triggered after concerns were raised by the European Data Protection Authorities, of which the ICO is a member. Other European data organisations may not be so lenient on WhatsApp - the French data protection authority (CNIL) is enforcing its data laws on WhatsApp and the Hamburg Commissioner of Data Protection and Freedom of Information put the matter to the Higher Administrative Court, which has banned Facebook from using the data.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now