Tag Archives: whatsapp

Autoriteit Persoonsgegevens

Letter from European Data Protection Authorities to WhatsApp

Press release announcing that the Article 29 Working Party has sent a joint letter to WhatsApp calling for more clarity in WhatsApp’s privacy policy, and in particular regarding sharing European data with the parent company Facebook, following on from a change in privacy policy in October 2016.

Agencia Española de Protección de Datos (AEPD)

The AEPD starts an investigation to evaluate the Yahoo´s largest data breach

On 15 December 2016, Yahoo admitted that a large cyber attack affected more than a billion personal accounts worldwide which include different personal information such as names, email addresses, phone numbers, photos and other personal files stored online and even passwords and other encrypted or unencrypted security codes. This disclosure follows September’s incident in which the company admitted the theft ascribed to an unnamed foreign government that affected more than 500 million users dating back to 2014.

Yahoo breach is now being investigated and causes are under investigation. Meanwhile, it’s notifying users who may have been affected by the breach and making them changes their passwords.

The Director of the Spanish Data Protection Agency (AEPD) has expressed her intention to open an investigation to clarify the massive theft of data. In this regard, the AEPD is considering whether to impose sanctions if it determines that Yahoo has not informed users of a security breach.

Agencia Española de Protección de Datos (AEPD)

Facebook Stops WhatsApp Data Sharing Across Europe

On 16 November 2016, WhatsApp announced it had temporarily blocked user data from being shared with its parent company Facebook along Europe. It means that Facebook would only make use of WhatsApp data to prevent spam.

As a consequence, the Spanish Data Protection Agency (AEPD) initiated in early October an investigation to examine the communications and the treatment of personal data made between WhatsApp and Facebook. More specifically, it will study what information collected from WhatsApp users is sent to Facebook, for what purpose, how long it is kept and what options users are offered if they wish to object.

Background of the case

In 2014, Facebook bought WhatsApp and it pledged not to share user data with its new parent. Last August, the company made changes to its terms and conditions which allowed user data to be shared with its parent company as well as Facebook group of companies including Messenger and Instagram for services including advertising and product development purposes. The messaging app argued that it would allow for a better advertising experience and would help fight spam.

According to the WhatsApp blog´s “By coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp”. “Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of”.

Article 29 Working Party (WP29)

Letter to WhatsApp of 27 October 2016 relating to WhatsApp’s Terms of Service and Privacy Policy

The Article 29 Working Party has asked WhatsApp to send it information on the data that will be shared and the sources of the data (“e.g. data from the users’ phones or data already stored on company servers”) and those who will receive the data. The Article 29 WP has severe concerns regarding the manner in which the information related to the Terms of Service and Privacy Policy users (updated in August 2016) and about the validity of the users’ consent.

WhatsApp had already been warned by a German DPA and the CNIL.

Agencia Española de Protección de Datos (AEPD)

Changes in Whatsapp´s Privacy Policy

In 2014, Facebook bought WhatsApp and it pledged not to share user data with its new parent. However, last August, the company announced a big change to its privacy policy as the new terms and conditions allows to share some user data (such as the phone number and the last time the client used the application) with its Facebook family of companies for undetermined range of services.

According to the WhatsApp blog´s “By coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp”. “Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you’ve never heard of”.

Facebook has maintained that its end-to-end encryption system will remain in place for the purpose of respecting the user´s privacy and giving an improved experience without third-party banner ads and spam.