Irish data watchdog to Facebook: Hang about, what's all this about a WhatsApp, Instagram, Messenger merger now?

Facebook has been warned it can only borg its three messaging platforms in the European Union if it meets data protection rules. There are widespread concerns about the plan's impact.

Whats(goes)App must come down... World in shock as Zuck decides to intertwine Facebook, Instagram, WhatsApp

READ MORE

The Irish Data Protection Commission has called on Facebook to provide it with an "urgent briefing" on the proposals.

In a statement, the Irish watchdog (Facebook's European HQ is in Dublin) said it understood the plan was at a "very early conceptual stage" but that it would keep close tabs on the process.

"The Irish DPC will be very closely scrutinising Facebook's plans as they develop, particularly insofar as they involve the sharing and merging of personal data between different Facebook companies," it said.

At the moment, WhatsApp and Instagram users are identified by their phone numbers, while Facebookers sign up with other information. Bringing the three platforms together would give the Zuckerborg the ability to greatly expand its already detailed profiles of users, creating an even more lucrative data set to mine for ad revenue.

This isn't the first time Facebook has come under the glare of EU agencies. In 2017, it was fined €110m by the European Commission for giving misleading or incorrect information about its takeover of WhatsApp.

Facebook 'fesses up to WhatsApp privacy blunder in UK

READ MORE

And in 2016, two years after it acquired WhatsApp, Mark Zuckerberg's firm was forced to "pause" data sharing between the two platforms after a change in its Ts&Cs put the wind up authorities.

A year later it was again reprimanded for, er, failing to meet the mark (not unlike the UK itself; the poor sods at the digital committee have had a hang of a time trying to pin down CEO Mark Z), and in 2018 the UK's watchdog concluded the Social Network™ hadn't identified a legal basis for sharing personal data in a way that would benefit Facebook's business.

At that point, the biz signed an undertaking promising not to share any EU user data with any other Facebook-owned company until it was able to comply with the General Data Protection Regulation (GDPR).

Commenting on the new proposals, the Irish DPC pointed to these previous issues, and said it would be "seeking early assurances that all such concerns will be fully taken into account".

The merger has also raised eyebrows among the security community. Writing on Twitter, Johns Hopkins cryptographer Matthew Green questioned the proposals for encryption – Facebook is reported to be planning to incorporate end-to-end encryption across all the apps.

FB’s current encryption on WA and FBM is very limited. It only supports one client (plus an optional desktop, which is kind of funky) and has no “native web-only” mode. Whereas the non-e2e messages support all that stuff. 5/

— Matthew Green (@matthew_d_green) January 25, 2019

Even for those who see the promise of greater encryption as a positive, the wider proposals ring alarm bells. US Senator Brian Schatz (Democrat, Hawaii) said on Twitter that the news was "good for encryption but bad for competition and privacy".

It's likely that competition authorities and regulators on both sides of the Atlantic will want to probe the proposals – and, despite Facebook insisting that there is still a "long process" before the full details are ironed out, the NYT reported that the project is set to complete as soon as the end of this year.

However, in its parting shot, the Irish DPC said: "It must be emphasised that ultimately the proposed integration can only occur in the EU if it is capable of meeting all of the requirements of the GDPR."

On the day the news of the merger broke, a Facebook spokesman told The Reg in a statement: "We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private. We're working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks. As you would expect, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work." ®