European privacy watchdogs warned WhatsApp on Friday over sharing user information with parent company Facebook, and cautioned Yahoo over a 2014 data breach and scanning of customer emails for US intelligence purposes.
The popular messaging service’s recent change in privacy policy to start sharing users’ phone numbers with Facebook – the first policy change since WhatsApp was acquired by Facebook in 2014 – has attracted regulatory scrutiny in Europe.
The Italian antitrust watchdog on Friday also announced a separate probe into whether WhatsApp obliged users to agree to sharing personal data with Facebook.
The European Union’s 28 data protection authorities said in a statement they had requested WhatsApp stop sharing users’ data with Facebook until the “appropriate legal protections could be assured” to avoid falling foul of EU data protection law.
WhatsApp’s new privacy policy involves the sharing of information with Facebook for purposes that were not included in the terms of service when users signed up, raising questions about the validity of users’ consent, the authorities, known as the Article 29 Working Party (WP29), said.
A spokeswoman for WhatsApp said the company was working with data protection authorities to address their questions.
“We’ve had constructive conversations, including before our update, and we remain committed to respecting applicable law,” she said.
Facebook has had run-ins with European privacy watchdogs in the past over its processing of users’ data. However, the fines that regulators can levy are paltry in comparison to the revenues of the big U.S. tech companies concerned.
The EU data protection authorities also wrote to
Yahoo over a massive data breach that exposed the email credentials of 500 million users, as well as its scanning of customers’ incoming emails for specific information provided by U.S. intelligence officials.
They asked Yahoo to communicate all aspects of the data breach to the EU authorities, to notify the affected users of the “adverse effects” and to cooperate with all “upcoming national data protection authorities’ enquiries and/or investigations.
“The reports (about email scanning) are concerning to WP29 and it will be important to understand the legal basis and justification for any such surveillance activity, including an explanation of how this is compatible with EU law and protection for EU citizens,” the watchdogs said in their letter to Yahoo. Yahoo did not immediately respond to a request for comment.
The regulators will discuss the Yahoo and WhatsApp cases in November.
Reuters