WhatsApp U-turn On Privacy Gets EU Challenge

Uploaded on 2016-11-05 in BUSINESS-Services-Law, FREE TO VIEW, NEWS-Cybersecurity News

A seismic shift in privacy policy by messaging app WhatsApp this summer, when it said it would begin sharing user data with parent company Facebook including for ad targeting, has now attracted the attention of European’s data protection watchdog group, the Article 29 Working Party.

The WP29 group wrote to WhatsApp founder Jan Koum yesterday, setting out its concerns about the privacy policy U-turn, including how the shift was communicated to users.

“The Article 29 Working Party (WP29) has serious concerns regarding the manner in which the information relating to the updated Terms of Service and Privacy Policy was provided to users and consequently about the validity of the users’ consent,” it writes.

“WP29 also questions the effectiveness of control mechanisms offered to users to exercise their rights and the effects that the data sharing will have on people that are not a user of any other service within the Facebook family of companies.”

It adds that its various members, so basically all the national DPAs of EU Member States, will “act in a coordinated way” to target any problems they identify, with a dedicated working group for enforcement actions set to address the WhatsApp issue specifically.

The letter asks WhatsApp for details of the specific data being shared, including data categories, source and recipients, and the effects of the data transfer on users and on “potential third persons”, so the working group can assess whether changes are necessary to ensure legal compliance.

The Wp29 group also urges WhatsApp to stop passing user data to Facebook while it investigates the legality of the arrangement.

WhatsApp declined to specify whether it would be halting data-sharing in Europe, per the WP29’s request, when we asked.

WhatsApp made the following statement: “We’re working with data protection authorities to address their questions. We’ve had constructive conversations, including before our update, and we remain committed to respecting applicable law.”

The WhatsApp-Facebook privacy policy U-turn had already drawn criticism from individual European Union member country data protection agencies, including the ICO in the UK and the Hamburg City DPA in Germany.

Europe’s competition commissioner, Margrethe Vestager, has also publicly flagged the arrangement as a concern, suggesting new rules are needed to enable the region’s regulators to keep up with tech giants’ use of data.

Techcrunch:      WhatsApp Implements Encryption:

« ‘How The Russians Won An American Election’ Opinion By Ronald Marks
Google AI Invents Its Own Cryptographic Algorithm »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IntelliGO Networks

IntelliGO Networks

IntelliGO Networks is a cybersecurity company focused on Managed Detection and Response (MDR).

ETAS

ETAS

ETAS (formerly Escrypt) is a pioneer and one of today’s leading solution providers for embedded IT security.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Cybil

Cybil

Cybil is a publicly-available portal where members of the international cyber capacity building community can find and share information to support the design and delivery of programs and projects.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.

RADICL

RADICL

RADICL's mission is to give SMBs that serve America's Defense Industrial Base (DIB) access to strong, enterprise-grade cyber security protection.

Information Security Society of Africa – Nigeria (ISSAN)

Information Security Society of Africa – Nigeria (ISSAN)

The Information Security Society of Africa – Nigeria (ISSAN) is a not-for-profit organization dedicated to the protection of Nigeria’s cyberspace.

Metrodata Group

Metrodata Group

PT. Metrodata Electronics, known as Metrodata Group, is the leading information communication technology company in Indonesia.