Facebook and WhatsApp are set to be probed by an EU data protection authority for not obtaining appropriate user consent for their data sharing plans.
The EU data protection authority believes WhatsApp was negligent in informing users that their data will be shared with Facebook.
Facebook has been at the receiving end of an intense scrutiny from the European Union’s data protection watchdog, the Article 29 Data Protection Working Party, for not being clear about its data-sharing plans with its subsidiary WhatsApp.
The Data Protection Working Party believes that the information presented by WhatsApp to its users on data sharing with Facebook was ‘seriously deficient as a means to inform their consent’. In a letter addressed to Jan Koum, chief executive of WhatsApp, the watchdog stated that notices given to users did not make it clear that their personal data would be shared with Facebook.
Back in May, the European Commission fined Facebook €110 million for lying to it in 2014 about its plans to share user data with WhatsApp. During the EU’s investigation into Facebook’s merger with WhatsApp in 2014, the social media giant told the Commission that it would be unable to establish reliable automated matching between Facebook users’ accounts and WhatsApp users’ accounts.
‘The Commission has found that, contrary to Facebook’s statements in the 2014 merger review process, the technical possibility of automatically matching Facebook and WhatsApp users’ identities already existed in 2014, and that Facebook staff were aware of such a possibility,’ the Commission noted.
‘This is the first time that the Commission has adopted a decision imposing fines on a company for provision of incorrect or misleading information since the entry into force of the 2004 Merger Regulation,’ it added.
‘It’s good to see data protection watchdogs clamping down on WhatsApp and Facebook’s irresponsible approach to user consent. A simple pop-up notice is clearly not a sufficient attempt to inform users that their previously private data would now be exploited for advertising purposes,’ says Rafael Laguna, CEO of Open-Xchange.
‘However we’re seeing this aggressive approach towards gathering user ‘consent’ across countless internet services and advertising platforms. If the Data Protection Working Party applied the same level of scrutiny to all instances of abuse of user consent the technological landscape in Europe would be very different. Service providers have a real opportunity to stand out in Europe by prioritising data privacy and user consent,’ he adds.
‘I had concerns that consumers weren’t being properly protected, and it’s fair to say the enquiries my team have made haven’t changed that view,’ said information commissioner Elizabeth Denham.
‘I don’t think users have been given enough information about what Facebook plans to do with their information, and I don’t think WhatsApp has got valid consent from users to share the information. I also believe users should be given ongoing control over how their information is used, not just a 30-day window,’ she added.