UK ICO rules WhatsApp sharing data with Facebook would be illegal

14 Mar 2018

Image: Alex Ruhl/Shutterstock

WhatsApp publicly commits to not share personal data with Facebook following ICO investigation.

The UK Information Commissioner’s Office (ICO) has closed an investigation into WhatsApp’s data-sharing policy with its parent company, Facebook. The proceedings had been ongoing since August 2016 and the ICO ordered WhatsApp to cease sharing personal data with Facebook in November that same year.

ICO completes probe into data sharing

On Wednesday (14 March) the ICO stated it had completed its investigation into the practices of both companies. Information commissioner Elizabeth Denham led the examination and found WhatsApp had not identified a lawful basis of processing for any sharing of personal data and failed to provide users with clear and fair processing information in relation to sharing personal data.

The ICO also found sharing such data would involve processing the information in a way that was incompatible with the purpose for which it was obtained in the first place. If the companies had shared the data, they would have been in contravention of the first and second principles of the UK data protection act.

WhatsApp has now publicly pledged not to share personal data with Facebook until both entities can figure out a method to do so in compliance with the upcoming General Data Protection Regulation (GDPR), which comes into force on 25 May. It also assured the ICO that no UK user information has ever been shared with Facebook other than in the social network’s capacity as a data processor.

Other European countries still examining the situation

Other EU data protection authorities are still conducting investigations into WhatsApp and Facebook’s sharing practices.

Denham gave some cultural context for the investigation: “Concerns about possible inappropriate data sharing were raised by media reports, civil society groups, and data protection authorities globally as a result of WhatsApp updating their terms and conditions and privacy policy. At the heart of these concerns lies a desire for improved transparency, control, and accountability, at a time when personal data is ever more central to the business models of key players in the digital economy.”

WhatsApp told The InquirerWhatsApp cares deeply about the privacy of our users. We collect very little data and every message is end-to-end encrypted. As we’ve repeatedly made clear for the last year, we are not sharing data in the ways that the UK Information Commissioner has said she is concerned about anywhere in Europe.

Denham also said the ICO would be watching WhatsApp closely under GDPR once it comes into effect.

Woman on WhatsApp. Image: Alex Ruhl/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com