Germany bans Facebook from using WhatsApp data over GDPR concerns

Hamburg's data protection commissioner issues three-month ban days before the app's new privacy policy rolls out

Germany's data regulator has banned Facebook from processing any data from WhatsApp users on the basis that its controversial new terms and service are illegal under GDPR.

Hamburg's Commissioner for Data Protection and Freedom of Information (DPA) issued an emergency order on Tuesday blocking Facebook from processing WhatsApp data "for its own purposes" for three months. 

WhatsApp's privacy policy update has already been delayed due to the backlash from users but plans to share more data with its parent company, Facebook will be fully rolled out on 15 May. 

The app already shares data with the social network and has done since 2016. However, it will now also share payment and transactional data in a bid to improve targeted advertising as the service moves towards online shopping. 

''The order is intended to secure the rights and freedoms of the many millions of users who provided their consent to the terms of use throughout Germany," said Johannes Caspar, the head of the German data protection authority (DPA). 

"The global criticism of the new terms of use should give rise to a fundamental rethink of the consent mechanism. Without the trust of users, no data-based business model can be successful in the long term.''

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

Facebook stated that it wouldn't share data with WhatsApp when it acquired the app in 2014, but it has struggled to make money from the service. Regulators in both India and Brazil have also taken similar regulatory action over the incoming policy change with the social network currently considering appeals. 

In regards to the Hamburg DPA's order, WhatsApp said it is "based on a fundamental misunderstanding" of the purpose and effect of its update and therefore had no legitimate basis. 

"Our recent update explains the options people have to message a business on WhatsApp and provides further transparency about how we collect and use data," a spokesperson for WhatsApp said. "As the Hamburg DPA's claims are wrong, the order will not impact the continued roll-out of the update. We remain fully committed to delivering secure and private communications for everyone." 

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021