In August last year, WhatsApp unveiled plans to share user data with its parent company Facebook in a bid to improve the social network’s ads and friend suggestions.
The move drew the ire of data protection regulators across the EU, who said that the messaging app had failed to properly secure users’ consent. Facebook responded by suspending the data transfer in all 28 EU member states.
Then in May, the European Commission (EC) fined Facebook £94m for providing misleading information about its acquistion of WhatsApp. It had told the EC it would not be able to match WhatsApp and Facebook profiles, which is exactly what the transfer aimed to do.
Three months later, WhatsApp published another notice for EU users, in an attempt to once again seek their consent. But an official coalition of EU data protection regulators has now written to WhatsApp’s CEO to say it isn’t satisfied that the revised terms comply with EU law.
Led by the UK’s information commissioner, the group has formed a taskforce to seek “a clear, comprehensive resolution”.
One of their key criticisms is that the new notice still doesn’t let users opt out of having their data shared with Facebook. If they don’t agree with the terms of the data transfer, WhatsApp says they must stop using the service.
But under the data regulators’ official definition, consent must be “freely given”. They argue that the “pre-eminence” of the messaging service and “the extent to which Facebook’s social network service is embedded into [people’s] lives” means the continued use of WhatsApp cannot qualify as consent.
The taskforce also claims that the pop-up notice on WhatsApp doesn’t make it clear users’ data would be sent to Facebook and how the data would be processed.
As a result, it is now calling for WhatsApp to give users “sufficiently granular user controls allowing for an appropriate level of control over the sharing of the data”. The ball is once again in WhatsApp’s court.
Neither Facebook nor WhatsApp have responded to a request for comment.