Irish data regulator confirms WhatsApp has still not proposed measures to settle European data sharing concerns
WhatsApp has still not proposed any measures to address EU regulator concerns over its sharing of user data with parent company Facebook.
The concerns stem from when Facebook acquired WhatsApp in 2014. Soon after the messaging app modified its terms of service, informing users it would share their data with its new parent. That didn’t sit well with European watchdogs, and the move spurred a number of regulatory actions against Facebook in Europe.
For example last month a Belgian court ordered Facebook to stop tracking web users without their consent, or face fines of €250,000 (£221,000) a day, up to €100m.
This change prompted outrage among WhatsApp users and European regulators. Matters were not helped by the fact that WhatsApp founder Jan Koum had denied at the time of the acquisition in 2014, that WhatsApp would have to follow Facebook’s privacy policies.
Indeed, such was the controversy that Facebook had to suspend in November 2016 data sharing between its social network and WhatsApp across the European Union.
It had already earlier suspended such data sharing activity in the UK.
But this did not prevent Facebook being fined 110 million euros (£93.8m) in May 2017, because the EU felt that the social network giant had provided misleading information during EU scrutiny of the deal.
And now it has emerged that nearly a year later after that fine, WhatsApp has still not brought forward proposals to address EU regulators’ concerns over the sharing of user data with Facebook
According to Reuters, the Irish data protection authority (DPC) – which has jurisdiction over Facebook because the company’s European headquarters are in Dublin – had said last April it hoped to reach a deal with WhatsApp on the data sharing in a matter of months.
Fast forward to this year, and with no proposals forthcoming, the DPC said it had maintained its insistence that WhatsApp’s EU personal data not be shared with Facebook for the management of advertising campaigns and product enhancement purposes until there is a lawful basis for doing so.
“At this point the ball is in their court to bring forward what would be a credible process to legitimise the processing and no such options to this point have been presented to us,” Ireland’s Data Protection Commissioner Helen Dixon told Reuters in an interview.
“In fact WhatsApp reconfirmed with us recently that moving into GDPR in May, it would continue to observe the pause on processing of data for these purposes,” she said, referring to the EU General Data Protection Regulation (GDPR) which from May will require firms to give customers more control over their online information.
Facebook is facing a number of problems with European regulators at the moment.
In December Germany’s competition regulator warned Facebook that its collection of data on users and transfer of that information to the US may be “abusive” due to the social network’s dominant position in the country.
And that same month, France’s data protection agency, the CNIL, said it has determined WhatsApp’s transmission of user data to parent company Facebook is illegal under French law and gave the companies one month to bring themselves into compliance.