Facebook has been told that it
cannot collect WhatsApp users' data in Germany after the messaging app updated its terms last month to allow information
sharing with its parent company.
Regulators expressed fears that the policy changes could infringe on WhatsApp
users' privacy by giving Facebook access to their phone numbers, as
well as information about their phones and operating systems.
Responding to
such concerns, a German regulator has ordered Facebook to stop collecting WhatsApp data
and delete all of the information that has already been transferred from
the messaging app to the social media giant.
"It has to be the 35 million
WhatsApp users in Germany's decision whether they want to connect their
account with Facebook," said Johannes Caspar, the data protection
commissioner for Hamburg. "Facebook has to ask for their permission
in advance. This has not happened."
When Facebook bought WhatsApp in 2014 for $19 billion (£14.7bn),
the deal came with an assurance from both companies that
they wouldn't share their users' data. To some regulators, the recent amendment
that lets WhatsApp share user information and analytics with Facebook
breaks that promise.
The Hamburg watchdog, which acts for
the country, said the companies had been "misleading" and, in
doing so, infringed on Germany's data protection law. It also
said Facebook didn't acquire legal permission to collect the information.
The amount of data potentially
available to Facebook through the new agreement is "cause for concern",
according to the Hamburg regulator.
WhatsApp asks users for permission
to access their contacts when they first download the app so they can start
conversations with people they know. This automatically lets the app see the
names and numbers of all of their contacts, even those who don't
use WhatsApp.
Facebook hasn't traditionally had access to this raft
of information as it doesn't require contacts permission,
and has only more recently started asking for it.
"According to Facebook, this
gigantic amount of data has not yet been collected. Facebook's answer
- that this has merely not been done for the time being - is cause
for concern that the gravity of the data protection breach will have a much
more severe impact," said Caspar.
The US Federal Trade Commission
warned that WhatsApp and Facebook could have violated its guidelines
with the changes, while the UK Information Commissioner's Office said it
was investigating the matter.
Elizabeth Denham, the UK commissioner,
said at the time of the changes: "Organisations do not need to get prior
approval from the ICO to change their approaches, but they do need to stay
within data protection laws. We are looking into this.
"Our role is to pull back the
curtain on things like this, ensuring that companies are being transparent with
the public about how their personal data is being shared, and protecting
consumers by making sure the law is being followed."
The watchdog is yet to release any
more information about whether Facebook has violated data protection laws in
the UK.
A spokesman for Facebook said:
"Facebook complies with EU data protection law. We will work with the
Hamburg DPA in an effort to address their questions and resolve any
concerns."
The social media giant said the
changes, which are part of its plans to put WhatsApp and Facebook users' in touch with businesses, would improve
user experience by helping fight spam and refine friend recommendations on Facebook.
It also assured users their phone numbers wouldn't be shared publically on
Facebook or with advertisers.
As WhatsApp messages are end-to-end encrypted, neither WhatsApp nor
Facebook can read the contents of users' messages. WhatsApp can however tell
who users are communicating with and for how long, as well as the type of phone
and operating system they're using.
1 comments:
hmmmmmmm