WhatsApp has said that users will soon have to share information with its parent company, Facebook, if they are to keep using the service.
In a privacy policy update released last week, the instant messaging service told users that they must accept the updates or delete their account.
The change will take place on 8 February – but it won’t apply to EU or UK customers.
Why is Europe exempt?
There was initially some confusion over how the changes to WhatsApp’s privacy policy would affect European customers.
This is in part because of the GDPR (General Data Protection Regulation), but also a result of an existing agreement with the Irish Data Protection Commission and other European data protection authorities.
Indeed, the “key updates” summary of the privacy policy references integration with Facebook in the international copy, but doesn’t do so on European version of the page.
Facebook has since confirmed that customers in the EU and UK would not be subject to the data-sharing changes, although they are required to accept new terms.
However, the new privacy policy for European users does state that data can be shared with other Facebook companies – such as WhatsApp and Instagram – for a variety of reasons, including to show personalised advertising and offers, make suggestions for content and help to complete purchases.
But a spokesperson for Facebook assured users that “it is still the case that WhatsApp does not share European region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or advertisements.”
GDPR compliance support with GRCI Law
This story demonstrates how easy it is for small features to turn into major regulatory issues. Organisations will always have a tough task when dealing with children’s personal data, but these sorts of problems can occur in any part of your business.
If you’re concerned about whether you’re meeting your GDPR compliance requirements, our Privacy as a Service solution is ideal.
Our team of experienced lawyers, barristers, and information and cyber security experts will work with you to help you achieve regulatory success.
This includes help with compliance monitoring, breach notification processes and data privacy management, and support completing DSARs (data subject access requests).
