The EU Article 29 Working Party (WP29) has issued a letter to WhatsApp co-founder Jan Koum, revealing that it has launched a taskforce led by the UK Information Commissioner’s Office to investigate what it states to be deficiencies in the consent mechanism that the messaging service has been using in terms of data sharing with its parent company, Facebook.
Last October, WP29 issued a letter to Koum saying: “It is of the utmost importance that your company communicates all the available information. This includes not only, but specifically, information on the exact categories of data (eg names, telephone numbers, email, postal address etc) and the source of such (eg data from the users’ phones or data already stored on company servers) as well as a list of recipients of the data and the effects of the data transfer on the users and potential third persons.”
Issues not sufficiently tackled by WhatsApp
Facebook then agreed to pause its collection of data for advertising purposes, and WhatsApp added a ‘notice for EU users’ but the WP29 said it “does not sufficiently address the issues of non-compliance with data protection law”.
The WP29 also took issue with WhatsApp using a pre-ticked check box to accept the new terms, saying it did not indicate “unambiguous consent”. According to the watchdog, WhatsApp didn’t offer “sufficiently granular user controls” to let people opt out of data sharing.
Both companies must now meet with the taskforce.
The letter concluded: “Given the impact of these issues on European citizens, the WP29 considers it a matter of utmost importance that a clear, comprehensive resolution is put in place and that the pause in data sharing for the purpose of improving Facebook products and enhancing targeted advertising on Facebook continues until such time as the matter is resolved to the satisfaction of data protection authorities.”