EU to investigate WhatsApp & Facebook for controversial user consent policies

EU to investigate WhatsApp & Facebook for controversial user consent policies

WhatsApp tackles online fraud with new 'suspicious link detection' feature

Facebook and WhatsApp are set to be probed by an EU data protection authority for not obtaining appropriate user consent for their data sharing plans.

The EU data protection authority believes WhatsApp was negligent in informing users that their data will be shared with Facebook.

Facebook has been at the receiving end of an intense scrutiny from the European Union’s data protection watchdog, the Article 29 Data Protection Working Party, for not being clear about its data-sharing plans with its subsidiary WhatsApp.

The Data Protection Working Party believes that the information presented by WhatsApp to its users on data sharing with Facebook was ‘seriously deficient as a means to inform their consent’. In a letter addressed to Jan Koum, chief executive of WhatsApp, the watchdog stated that notices given to users did not make it clear that their personal data would be shared with Facebook.

In fact, all that WhatsApp did was share a new privacy policy via a pop-up notification, informing users that the policy had been updated to ‘reflect new features’. At the same time, the checkbox for users to accept the new policy was pre-ticked. The working party found this approach ‘misleading‘.

It added that WhatsApp users were not offered “sufficiently granular user controls” to opt out of the new privacy policy as well, thereby resulting in a breach of the EU’s regulations on user consent.

Back in May, the European Commission fined Facebook €110 million for lying to it in 2014 about its plans to share user data with WhatsApp. During the EU’s investigation into Facebook’s merger with WhatsApp in 2014, the social media giant told the Commission that it would be unable to establish reliable automated matching between Facebook users’ accounts and WhatsApp users’ accounts.

However, in August 2016, WhatsApp updated its privacy policy and terms & conditions to include the ability to link WhatsApp users’ phone numbers with Facebook users’ identities.

‘The Commission has found that, contrary to Facebook’s statements in the 2014 merger review process, the technical possibility of automatically matching Facebook and WhatsApp users’ identities already existed in 2014, and that Facebook staff were aware of such a possibility,’ the Commission noted.

‘This is the first time that the Commission has adopted a decision imposing fines on a company for provision of incorrect or misleading information since the entry into force of the 2004 Merger Regulation,’ it added.

‘It’s good to see data protection watchdogs clamping down on WhatsApp and Facebook’s irresponsible approach to user consent. A simple pop-up notice is clearly not a sufficient attempt to inform users that their previously private data would now be exploited for advertising purposes,’ says Rafael Laguna, CEO of Open-Xchange.

‘However we’re seeing this aggressive approach towards gathering user ‘consent’ across countless internet services and advertising platforms. If the Data Protection Working Party applied the same level of scrutiny to all instances of abuse of user consent the technological landscape in Europe would be very different. Service providers have a real opportunity to stand out in Europe by prioritising data privacy and user consent,’ he adds.

WhatsApp’s controversial privacy policy, which was updated in August last year, immediately attracted the attention of the Information Commissioner’s Office who promptly ordered an investigation. Facebook had initially announced that it would harvest data from its messaging app and share it with its social network for advertising and product improvement purposes. However, it was forced to pause the data sharing as a result of the investigation.

‘I had concerns that consumers weren’t being properly protected, and it’s fair to say the enquiries my team have made haven’t changed that view,’ said information commissioner Elizabeth Denham.

‘I don’t think users have been given enough information about what Facebook plans to do with their information, and I don’t think WhatsApp has got valid consent from users to share the information. I also believe users should be given ongoing control over how their information is used, not just a 30-day window,’ she added.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]