EU has "serious concerns" over WhatsApp data sharing

WhatsApp, Web app, Messaging

Concerns have once again been raised over the way WhatsApp handles its users' private data, this time from the European Commission.

The messaging app has already been hit with a sharing ban by German regulators after the company changed its terms and conditions to allow an exchange of data between itself and parent company Facebook.

Now the Article 29 Working Party (WP29), a European Commission body with representatives from each member state's data protection regulator, has delivered a letter to WhatsApp CEO Jan Koum expressing "serious concerns" over the new terms and conditions announced in August.

Signed by chairwoman Isabelle Falque-Pierrotin, the letter urges WhatsApp to stop plans to share data until "the appropriate legal protections can be assured", including full compliance with EU legislation.

"Given the popularity of the messaging service these changes may affect many citizens in all EU member states and have created great uncertainty among users and non-users of the service," the letter read.

The WP29 has insisted that WhatsApp hand over information related to the data-sharing scheme. This includes the categories of data, such as names or telephone numbers, and the source of the stored information, which could include user phones or company servers.

"The WP29 has serious concerns regarding the manner in which the information relating to the updated Terms of Service and Privacy Policy was provided to users and consequently about the validity of users' consent."

The group, which includes the UK's Information Commissioner's Office (ICO), expressed doubts that effective "control mechanisms" were in place to allow "users to exercise their rights" and raised concerns about the effects this change would have on "people that are not a user of any other service within the Facebook family of companies."

The commission has also requested "a list of recipients of the data and the effects if the data transfer on users and potential third persons", to ensure the company is complying with EU legal frameworks.

"We're working with data protection authorities to address their questions," said a WhatsApp spokesman in an email to IT Pro. "We've had constructive conversations, including before our update, and we remain committed to respecting applicable law."

Since news of the letter surfaced, Italy's antitrust watchdog announced on Friday that it would launch an independent investigation to assess whether WhatsApp led users to believe sharing data with Facebook was required to continue using the service, according to Reuters.

The ICO launched its own separate investigation into the data-sharing deal between WhatsApp and Facebook in August. ICO has declined to share information on how long the invesitgation will last.

This article was originally published on 28 October at 12:15pm, and was updated on 31 October with news of the Italian investigation.

27/09/2016: German regulators ban WhatsApp from sharing data with Facebook

WhatsApp has been banned from sharing data with Facebook by German regulators.

The messaging platform changed its terms and conditions last month. The updated policy allows the company to exchange certain user details - including their phone numbers - with parent company Facebook.

This move was roundly criticised by privacy campaigners, particularly since WhatsApp had previously garnered goodwill with end-to-end encryption and a complete lack of advertising.

Hamburg's data protection commissioner has officially struck down the deal, issuing an administrative order which completely prohibits any transfer of information between the two companies. Facebook has also been ordered to destroy any data that has already been forwarded.

"After the acquisition of WhatsApp by Facebook two years ago, both parties have publicly assured that data will not be shared between them," a statement read. "The fact that this is now happening is not only a misleading of their users and the public, but also constitutes an infringement of national data protection law."

"This administrative order protects the data of about 35 million WhatsApp users in Germany," commissioner Johannes Caspar said. "It has to be their decision, whether they want to connect their account with Facebook. Therefore, Facebook has to ask for their permission in advance. This has not happened."

Caspar also raised concerns about the privacy of individuals whose contact details may be stored in the address books of WhatsApp users, despite having no connection to the service themselves.

Germany is not the only country whose regulators are troubled by the deal. The UK's Information Commissioner's Office has also promised to look into the matter, threatening to "pull back the curtain" on the relationship between the two companies.

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.