Use of WhatsApp violating data privacy laws without the consent of every address book contact?

The use of WhatsApp without the declaration of consent from every person in the user’s address book directory is deemed to be inadmissible in a recent decision by the family law department of a German lower federal court (AG Bad Hersfeld, 15.05.2017 – F 120/17 EASO).

The court held that the mother of an 11-year-old boy had to ensure and constantly control that all of her son’s phone contacts had given their consent to the transfer of their contact data to WhatsApp.

According to its standard terms and conditions, WhatsApp may access all contact details in a user’s address book which also includes persons who don’t use WhatsApp themselves:

“Address Book. You provide us the phone numbers of WhatsApp users and other contacts in your mobile phone address book on a regular basis. You confirm you are authorized to provide us such numbers to allow us to provide our Services.”

In the court’s opinion, the unconsented transfer of contact details to WhatsApp constitutes an infringement of the right on informational self-determination of the affected contacts by the WhatsApp user, i.e. the boy’s mother as his legal guardian, and could potentially lead to warning letters and claims for damages by the affected individuals.

Our take

The decision raises some important questions regarding responsibility for use of social media platforms and highlights the difficulties in aligning the use of social media platforms and the current legal framework.

However, the court’s decision regarding liability for giving access to contact details did not address the fact that, technically, the processing of the contact details is by WhatsApp in its sole responsibility.

The court did not discuss the validity of WhatsApp’s standard terms and conditions. Under German law, if the aforementioned WhatsApp clause were held to be surprising and an inappropriate disadvantage towards the user, the clause would be invalid.