February 17, 2021
A long-standing investigation into WhatsApp and Facebook’s data-sharing strategies across platforms has finally produced its first results. Ireland’s Data Protection Commission (“DPC”) confirmed that it has submitted its draft decision to fellow European Union data protection authorities (“DPA”) near the end of 2020.
Under the European Union’s General Data Protection Regulation (“GDPR”), the submission of the draft decision triggers a review process by other DPAs from which a majority consensus must be reached before a decision can be finalized.
Given the recent backlash to WhatsApp’s new privacy terms, the DPC’s investigation into the company’s transparency issues appears to be quite timely. The case however, dates back to 2018 when the GDPR came into effect, and concerns WhatsApp Ireland’s compliance with Articles 12-14 of the GDPR. These articles outlines the necessary transparency measures to be taken by corporations in using their customers’ data. While it may be months until the final decision is released, its outcome will establish the “standard of transparency to which WhatsApp is expected to adhere.”
With respect to WhatsApp’s more recent controversy surrounding its terms and conditions, the DPC’s deputy commissioner Graham Doyle stated that the regulator has received numerous queries from concerned stakeholders. Doyle confirmed that the DPC had received a commitment from WhatsApp that its new terms and conditions did not change its data-sharing practices. “The updates made by WhatsApp are about providing clearer, more detailed information to users on how and why they use data,” said Doyle. Nonetheless, WhatsApp has decided to postpone its rollout of these privacy terms for three months in an attempt to appease the public.
As Facebook and WhatsApp continue to receive increased scrutiny on their privacy and data-protection measures, it will be interesting to see how these key issues unfold.
Author: Shadi Varkiani