3rd November, 2016

Data Privacy: From WhatsApp to Facebook

Why the data shared with Facebook by WhatsApp should be stopped until the usage of these data won't be clarified.

Already in 2014, two American non-profit associations for the privacy protection, the Electronic Privacy Information Center and the Center for Digital Democracy, formally asked to the Federal Trade Commission (FTC) to block the acquisition of WhatsApp by Facebook.

Based on several complaints, Facebook declared that Facebook and WhatsApp would have continued to be two separated companies, without sharing their data.

In the summer 2016, all the Whatsapp users were informed by a disclaimer, provided during the update of the application, about a change regarding the policy of WhatsApp: the change of the condition about the information sharing with Facebook was not enough clear neither for the users and for the privacy protection associations in the case of eventual abuses.

The Article 29 Working Party, the document made up by the representatives from the data protection authority of each EU Member State, raised some concerns about the way that information that was provided to the users at the moment of updating the application and about the way that the users could exercise a control to share their information and to protect their privacy. Moreover, it's not clear what kind of effect there will be on people that are not part of the social network.

Why is this so important?

Let's do a step back: if you have an account on Facebook you can connect and share information only with other people who accepted to be on Facebook and, as a consequence, with those people who accepted the policy of the platform.

With WhatsApp, on the contrary, today it's still not clear what usage will be done about the 3rd party data that will be collected from our accounts: if any colleague, or any member of our family will not be interested to be present into WhatsApp or Facebook, therefore they won't install the application, they won't create an account and won't accept the platform privacy policies, their data will be still collected (without their explicit approval) because the platform will access to the contact information (Name, Last Name, Email, Phone number, and maybe a profile photo) that will be store into our phone and thus shared with the platform.

WhatsApp should provide a list of the 3rd parties that will receive these information and clarify what usage will be done by them.

But how are European Privacy Regulators are acting in this moment?

From Spain, Germany, Italy and UK there was a quick reaction about these points. The first result was to obtain that the European Court of Justice has suggested that multinational companies must comply with national data laws if data is processed in that country. In Germany has been declare illegal the data sharing between WhatsApp and Facebook. The data sharing in Germany is only allowed if both companies establish a legal basis to do it and they prohibit Facebook with immediate effect to collect and store data of German WhatsApp users and to delete all data that has already been forwarded by WhatsApp.

Also in England the Information Commissioner is investigating how the data is shared. In a statement, the Information Commissioner said: "Our role is to pull back the curtain on things like this, ensuring that companies are being transparent with the public about how their personal data is being shared and protecting consumers by making sure the law is being followed".

Until these points won't clarified, the Article 29 Working Party reccomends to WhatsApp to do not share the data until they won't be able to ensure a legal protection".

The first reaction of WhatsApp have been to introduce at the end of August a switch to allow to the user to stop sharing their data with Facebook and, in an update in October, the sharing is stopped by default.

Even if this initiative has been temporary blocked, we shouldn't forget that Facebook bought for 19 billion dollars WhatsApp not for the revenues generated by platform (the users can still access for free without ads), but for the amount of data that this application is controlling.

We can be sure that this will be only the first of a series of attack to the privacy of the WhatsApp's users.

Leave a comment

Swiss Identity & Access Management experts

Ask for a Demo