Tag: Privacy Policy

ICO announces that Facebook agrees to suspend disclosures of personal data from WhatsApp’s users

8. November 2016

After WhatsApp announced in August changes in its privacy policy, several EU DPAs announced monitoring activities in order to ensure the proper use of WhatsApp user’s data. One of these changes on the privacy policy, involved disclosure of personal data of WhatsApp users to Facebook in order to fight spam and improve both, WhatsApp and Facebook’s services.

The EU DPAs had requested WhatsApp not to carry out such disclosures until an adequate level of data protection could be ensured.

On Monday, ICO announced that Facebook agreed to suspend these disclosures. ICO already remarked that consumers were not adequately protected and in most cases a valid consent was not in place. Moreover, it has requested both companies to undertake in writing to inform users about the purposes for which their data will be used. Until now, none of the companies has signed such committment.

If enforcement action takes place, huge fines may be imposed. This is especially relevant upon the applicability of the GDPR from May 2018.

Other EU DPAs, such as Spain, will contact Facebook regarding WhatsApp’s privacy policy.

On the other side, Facebook stated that it only collects the data necessary to offer their services and only a part of this data is shared with Facebook. A Facebook spokeswoman confirmed that WhatsApp’s update complies with applicable law, including UK law and that they will continue the conversations with the ICO regarding the questions raised on the Privacy Policy.

“What’s at stake is individual control of one’s data when they are combined by internet giants”

1. September 2016

The concern due to WhatsApp sharing user information with Facebook is rising, especially in Europe.

As the Wall Street Journal reported, European privacy regulators are investigating WhatsApp’s plan to share the information of their users with its parent company Facebook.

The Article 29 Working Party representing the 28 national data protection authorities released a statement at the beginning of this week saying that its members were following “with great vigilance” the upcoming changes to the privacy policy of WhatsApp due to the fact that the new privacy policy allows WhatsApp to share data with Facebook, whereas the privacy policy only gives existing WhatsApp users the right to opt out of part of the data sharing. Therefore, the Article 29 Working Party concluded “What’s at stake is individual control of one’s data when they are combined by internet giants”.

Furthermore,

  • the ICO also issued a statement last week raising concerns due to the “lack of control”,
  • at the beginning of this week the consumer privacy advocates in the U.S. filed a complaint with the Federal Trade Commission due to the fact that WhatsApp promised that “nothing would change” when Facebook acquired WhatsAPP two years ago and on top of that
  • the Electronic Privacy Information Center and the Center for Digital Democracy turned to the Federal Trade Commission in order to get the confirmation that the upcoming changes to the privacy policy can be seen as “marketing practices” that are “unfair and deceptive trade practices”.
Category: Article 29 WP · EU · UK · USA
Tags: , , ,

WhatsApp will share user information with Facebook

26. August 2016

Jan Koum, one of WhatsApp’s founders, stated shortly after selling WhatsApp to Facebook in 2014 that the deal would not affect the digital privacy of his mobile messaging service with millions of users.

However, according to the New York Times WhatsApp is about to share user information with Facebook. This week, WhatsApp published a statement saying that it will start to disclose phone numbers and analytics data of its users to Facebook. By doing so, it will be the first time that WhatsApp will connect the data of its users to Facebook.

Furthermoere, due to the fact that WhatsApp begins to built a profitable business after its previous little emphasis on revenue, it is now changing its privacy policy to the extent that WhatsApp wants to allow businesses to contact customers directly through its platform.

WhatsApp commented on the new privacy policy “We want to explore ways for you to communicate with businesses that matter to you, too, while still giving you an experience without third-party banner ads and spam”.

The new privacy policy will allow Facebook to use a users’s phone number to improve other Facebook-operated services like making new Facebook friend suggestions or better-tailored advertising.

However, WhatsApp underlines that neither it nor Facebook will be able to read users’ encrypted messages and emphasizes that individual phone numbers will not be given to advertisers.

Koum explained that “Our values and our respect for your privacy continue to guide the decisions we make at WhatsApp” and went on “It’s why we’ve rolled out end-to-end encryption, which means no one can read your messages other than the people you talk to. Not us, not Facebook, nor anyone else” and concluded “Our focus is the same as it’s always been — giving you a fast, simple and reliable way to stay in touch with friends and loved ones around the world.”

WhatsApp’s new privacy policy raises concerns due to the lack of data protection. Therefore, the president of the Electronic Privacy Information Center, Marc Rotenberg commented that it is about to file a complaint next week with the Federal Trade Commission in order to prevent WhatsApp from sharing users’ data with Facebook. Rotenberg justified this approach as “Many users signed up for WhatsApp and not Facebook, precisely because WhatsApp offered, at the time, better privacy practices” he explained “If the F.T.C. does not bring an enforcement action, it means that even when users choose better privacy services, there is no guarantee their data will be protected.”

 

How to join the EU-U.S. Privacy Shield?

23. August 2016

In order to join the EU-U.S. Privacy Shield a company has to self-certify and therefore ensure the following requirements:

     1. The eligibility of the company has to be confirmed in order to participate in the

          EU-U.S. Privacy Shield.

     2. Development of a Privacy Policy that is compliant to the EU-U.S. Privacy Shield.

  • The Privacy Policy has to comply with the EU-U.S. Privacy Shield Principles.
  • The Privacy Policy has to refer to the Privacy Shield Compliance.
  • An accurate location for the Privacy Policy has to be provided and made sure that it is publicly available.

    3. Independent recourse mechanisms need to be identified.

  • Enforcement and Liability Principle: the company has to provide an independent recourse mechanism available to investigate unresolved complaints at no cost to the individual.

   4. Verification mechanisms need to be in place.

  • The company is required to have procedures in place for verifying compliance through self-assessments or third party assessments.

     5. Implementation of a person of contact.

  • The company is required to provide a contact with regard to questions, complaints, access requests, and any other issues arising under the EU-U.S. Privacy Shield.

 

Furthermore, the company has to pay a fee depending on the annual revenue:

Company’s Annual RevenueFee
$0 to $5 million$250
Over $5 million to $25 million$650
Over $25 million to $500 million$1,000
Over $500 million to $5 billion$2,500
Over $5 billion$3,250

German courts ruled: WhatsApp has violated the Telemedia Act

28. June 2016

A Berlin Court ruled that WhatsApp failed to comply with the German Telemedia Act and another court upheld this judgment recently. The claim is about WhatsApp forcing German users to agree to terms of service in the English language and therefore breaking consumer protection rules. According to this ruling, WhatsApp violates Germany’s Telemedia Act, as it does not provide consumers with a German company representative in case any questions or concerns occur.

In case the decision will be lawful, WhatsApp will be required to translate the entire terms of service and the privacy policy into German or be fined $283,000.

The CEO of the Federation of German Consumer Organizations, Klaus Müller, said that companies complicate their terms and conditions so that it is difficult for consumers to understand them. He goes on by saying that millions of WhatsApp users in Germany have an even harder time reading and understanding them in English.

Therefore, the problem is that consumers tend to accept the terms and conditions without really knowing what they signed up for.

However, up until today it is not known if WhatsApp will appeal the ruling one last time.