WhatsApp, the popular messaging app owned by Facebook had been in a troubled spot since days after ICO (Information Commissioner’s Office) in the UK had launched an investigation regarding the supposedly mutual data sharing between both the parties- Facebook and WhatsApp. The ICO finally gave a green flag to WhatsApp and shut down the investigation citing that WhatsApp cannot and does not share user data with Facebook except for the use of basic data processing. For the investigation to come to a conclusion WhatsApp had to sign an undertaking in which they agreed to not share data between both the entities until it could be done in a way which was compliant to GDPR (General Data Protection Regulation).
Commissioner Elizabeth Dunham who had previously addressed WhatsApp in her own letter raising concerns about the same issue said: “Data protection law does not prevent a company from sharing personal data – they just have to follow the legal requirements”.
Things look good for Facebook now, since the ICO has decided that it won’t be fining Facebook on the basis of its intentions. As the company didn’t seek any unlawful way and didn’t resort to illegal actions to exchange data, they have been given this pass.
The closing of this investigation signals towards a truce between both the fronts with the situation ending in a win-win result for ICO as well as Facebook. Commissioner Dunham said, “I reached the conclusion that an undertaking was the most effective regulatory tool for me to use, given the circumstances of the case.”
She also didn’t forget to add that since WhatsApp hadn’t actually shared data with Facebook, it rendered her in a position where she was unable to issue a penalty against the company.
GDPR is a wide-ranging data protection framework that grants people more control over how their data is used online by digital applications. The GDPR is to be implemented in May this year in the entire European Union and is going to cause many applications to fall in line with the new regulations which this new framework is going to impose for the sake of security of user data.
What tipped off the ICO to put up an investigation against WhatsApp was the new update that WhatsApp rolled out noting that they planned on sharing user data with Facebook. The investigation was initiated post this update in August 2016.
Questions arise that even though Facebook has its own in-house messaging application – The Facebook Messenger for which the company uses user data to optimize their advertisements and targeting then why was WhatsApp under question. The answer to this question lies in the motive with which WhatsApp was started. WhatsApp was initially founded as a separate company and was later acquired by Facebook in 2014 for $19 Billion. WhatsApp had made it clear that what set them apart from other platforms was their non-reliance on advertisement and absolutely no connection with data manipulation.
The new update policy which WhatsApp introduced later last year clearly seemed to go against their initial proclamation since it outlined that the users of WhatsApp will somehow end up being like other Facebook users thus resulting in a common disappointment. This sharing of data would mean that Facebook would be able to use user data obtained from WhatsApp in a similar way that Facebook does for its Messenger users.
Commissioner Dunham then went onto say the following things about the idea of WhatsApp sharing user information with Facebook.
“WhatsApp has not identified a lawful basis of processing for any such sharing of personal data;?WhatsApp has failed to provide adequate, fair processing information to users in relation to any such sharing of personal data;?In relation to existing users, such sharing would involve the processing of personal data for a purpose that is incompatible with the purpose for which such data was obtained;?I found that if they had shared the data, they would have been in contravention of the first and second data protection principles of the Data Protection Act,” she added.
But like we came to know, WhatsApp was able to escape fines since the said update wasn’t rolled out on the platform and no data was actually shared between the two. According to the GDPR WhatsApp can only share data with Facebook for certain purposes only which might include use of Facebook servers by WhatsApp for the messaging services.
The term used to refer to such services is “data processor”. So technically ICO couldn’t object to WhatsApp as long as the company used Facebook as a ‘data processor’. Denham clearly illustrated the ways in which WhatsApp was implementing its features righteously.
Commissioner Denham pointed two facts which according to her were the most important pillars on which the whole investigation was based upon: “At the heart of these concerns lies a desire for improved transparency, control, and accountability, at a time when personal data is ever more central to the business models of key players in the digital economy,” which according to her is an appreciable development in the tech scene signalling tech companies to walk into a direction where data is more transparent, less manipulated and user security is the prime concern.
Secondly, she points towards the wider developments in the same direction which are being implemented in entire Europe. In Germany, the Hamburg Commissioner of Data Protection and Freedom of Information also released information this month saying that the Higher Administrative Court (OVG) Hamburg had also put on hold on activities by Facebook thus restraining Facebook from using data provided by WhatsApp. Similar actions are in initiation stage in France and will be led by the French regulator CNIL.
While speaking in overall terms, this is a good step when it comes to user data security but tech giants will definitely be reluctant to give up their control over such a large user base and will probably be motivated to find ways around the GDPR. This step will not only comply a lot of companies to do things in a more ‘legal’ way but also provide chances to tech giants like Facebook to test the system.
Later, after Dunham issued all these statements, a WhatsApp spokesperson also came up with his statements regarding the ICO investigation against Facebook and WhatsApp. The spokesperson said that WhatsApp cares deeply about its users and then went on further adding “We collect very little data and every message is end-to-end encrypted. As we’ve repeatedly made clear for the last year we are not sharing data in the ways that the U.K. Information Commissioner has said she is concerned about anywhere in Europe.”
After the events, we are sure that WhatsApp is reshaping their privacy policy to make it compliant with the GDPR. The latest update which WhatsApp rolls out, specifically in the UK will tell us more about in what ways WhatsApp will be sharing data with Facebook and for what purpose. WhatsApp has already made changes to its privacy policy.
