Facebook Ireland ‘not processing EU data’ from WhatsApp

The Data Protection Commissioner's office has confirmed it is examining controversial changes to WhatsApp's terms and conditions and confirmed the parent company Facebook Ireland has agreed not to process the personal data of the messaging app's EU users.

Britain’s privacy watchdog said on Monday that Facebook had agreed to suspend using data from UK users for serving advertisements or product-improvement purposes after the authority said consumers were not being properly protected.

In a statement on Tuesday, the Irish Data Protection Commissioner’s office said it was actively seeking information from Facebook Ireland Ltd in relation to the recent revisions to WhatsApp’s privacy policy, which provided for data sharing with Facebook Ireland Ltd.

“During our engagements with Facebook, it was confirmed that, for the moment, Facebook Ireland is not proceeding to process European user data from WhatsApp for the purposes of serving ads and enhancing the Facebook service. Facebook will now seek to address, where possible, the concerns being raised by European data protection authorities.”

The DPC said it was gathering the facts relevant to the data privacy issues arising, and proceeding to analyse those facts against the European legal framework.

“In addition, it is looking at the quality of the notice and information delivered to users of the WhatsApp service prior to their making a choice to either continue using WhatsApp or to cancel their account,” it added.

“Once the fact-finding and analysis is complete, the Irish DPC will proceed to take appropriate action.”

It said it could not make a more detailed comment on the specific data privacy issues arising at this point, as “we do not want to prejudice the outcomes we will deliver in this matter”.

The Information Commissioner’s Office (ICO) in Britain said the social media giant faces action if it uses such data without valid consent.

It had warned in August that it would monitor WhatsApp’s new privacy policy after WhatsApp, acquired by Facebook in 2014, said it would share user data with its parent company to better fight spam and improve both services’ user experience.

The two companies have also come under scrutiny from the European Union's 28 data protection authorities, who last month requested that WhatsApp pause sharing users' data with its parent company until the appropriate legal protections could be assured. "We're pleased that they've agreed to pause using data from UK WhatsApp users for advertisements or product improvement purposes," the Information Commissioner's Office head Elizabeth Denham said in a statement. "If Facebook starts using the data without valid consent, they may face enforcement action from my office."

The regulator said it had also asked Facebook and WhatsApp to sign an undertaking that would commit the firms to clarify to customers how their data would be used and to give users ongoing control over that data. So far, the companies have not agreed. “We think consumers deserve a greater level of information and protection, but so far Facebook hasn’t agreed,” Ms Denham said.

Simple explanation

A Facebook spokeswoman said WhatsApp “designed its privacy policy and terms update to give users a clear and simple explanation of how the service works, as well as choice over how their data is used. “These updates comply with applicable law, and follow the latest guidance from the UK Information Commissioner’s Office. We hope to continue our detailed conversations with the ICO and other data protection officials, and we remain open to working collaboratively to address their questions.”

Additional reporting: Reuters