The Hamburg privacy watchdog has launched an emergency procedure against Facebook to ban the company from using WhatsApp user data for Facebook purposes. The regulator is starting the procedure because of WhatsApp’s new conditions.
Hamburg’s Beauftragte für Datenschutz und Informationsfreiheit says it will start proceedings against Facebook’s Irish headquarters, aiming to ban the company from using WhatsApp user data for Facebook’s own purposes. Facebook will first be given the opportunity to respond to the procedure during a hearing.
The reason for the procedure is WhatsApp’s updated privacy and terms of use. Users must agree to this by 15 May. The new conditions were met with considerable criticism, even though nothing changes for European users. The Hamburg watchdog says the new terms “contain extensive passages” in which the service would give itself the right to share data from WhatsApp users with other Facebook companies. Facebook’s privacy policy would also support the use of user data from partner companies affiliated with Facebook.
The HmbBfDI ‘fears’ that with the new terms, Facebook will use WhatsApp user data for marketing purposes and to show users advertisements. Johannes Caspar, commissioner of the regulator, says that ‘to our knowledge’ there has been no supervisory investigation into the data traffic between WhatsApp and Facebook. According to Caspar, the research is necessary to prevent ‘the illegal and massive sharing of data’. Caspar also wants to stop illegal pressure being exerted on ‘millions of people’ to agree to the WhatsApp conditions.
The regulator wants to have made a decision before 15 May. Facebook says in a response, according to Bloomberg, that it wants to rectify “the misunderstanding” that may have arisen with the regulator. “To be clear, when users accept the updated WhatsApp terms, users are not granting permission to increase data sharing with Facebook,” the company said. The update would also have “no impact” on the privacy of users’ messages.
Normally, the privacy regulator in the country where a company has a European headquarters conducts investigations into such privacy issues. However, individual EU countries can also launch their own investigations under Article 66 of the GDPR to protect the rights and freedoms of citizens. Because Facebook’s German headquarters are in Hamburg, the Hamburg regulator is responsible for the investigation. Measures taken by a supervisor under Article 66 are valid for three months, but can be extended by the European Data Protection Board.