European privacy watchdogs have warned WhatsApp over sharing user information with parent company Facebook, and cautioned Yahoo over a 2014 data breach and scanning of customer emails for US intelligence purposes.
The independent body composed of the European Union’s 28 data protection authorities said in a statement it had requested WhatsApp stop sharing users’ data with Facebook to avoid falling foul of EU data protection law.
It told WhatsApp it was of “the utmost importance” that the company communicate “all the available information”.
“This includes not only but specifically information on the exact categories of data (eg names, telephone numbers, email, postal address, etc) and the source of such (eg data from the users’ phones or data already stored on company servers) as well as a list of recipients of the data and the effects of the data transfer on the users and potential third persons.”
A spokeswoman for WhatsApp said the company was working with data protection authorities to address their questions.
“We’ve had constructive conversations, including before our update, and we remain committed to respecting applicable law,” she said.
The Italian antitrust watchdog on Friday also announced a separate inquiry into whether WhatsApp obliged users to agree to sharing personal data with Facebook.
Facebook has had run-ins with European privacy watchdogs in the past over its processing of users’ data. However, the fines that regulators can levy are paltry in comparison to the revenues of the big US tech companies concerned.
The EU data protection authorities also wrote to Yahoo over a massive data breach that exposed the email credentials of 500 million users, as well as its scanning of customers’ incoming emails for specific information provided by US intelligence officials.
Yahoo said it was aware of the letter and would work to respond as appropriate.
The data protection authorities asked Yahoo to communicate all aspects of the data breach to the EU authorities, to notify the affected users of the “adverse effects” and to co-operate with all “upcoming national data protection authorities’ enquiries and/or investigations”.
“The reports [about email scanning] are concerning to WP29 and it will be important to understand the legal basis and justification for any such surveillance activity, including an explanation of how this is compatible with EU law and protection for EU citizens,” the WP29 body said in its letter to Yahoo.”
The regulators will discuss the Yahoo and WhatsApp cases in November.
– (Additional reporting: Reuters)