France gives WhatsApp a month to get slurps in order or face fine

Regulator questions legality of transferring data to Facebook

By Rebecca Hill


The French information watchdog has told WhatsApp it has a month to comply with data protection laws, or risk being fined.

European data protection agencies have become increasingly frustrated with the slurp-happy attitude of the messaging app and parent company Facebook since its privacy policy changed last summer.

The policy stated that data farmed by WhatsApp could be sent over to the Zuckerborg for targeted advertising, security and business intelligence purposes.

But it had to put this data harvest on hold in the EU after the group of data protection bodies – known as the Article 29 Working Party (WP29) – questioned its legality on this side of the pond.

This summer the biz added a "notice for EU users", but that did little to placate the group, which said in October that it doesn't it "sufficiently address the issues of non-compliance".

That group, though, doesn't have enforcement powers in its own right, so it is up to the individual agencies to take such action.

The French agency, CNIL, has now done so, issuing the biz with an ultimatum: address its concerns or risk a fine.

In a statement, the CNIL takes issue with the firm's processing of data for business intelligence.

"If the purpose of security can be regarded as essential to the proper functioning of the application, it is different from the purpose of 'business intelligence'," the agency said.

In its opinion, the firm cannot rely on either legitimate interests or consent to process this data.

CNIL argued – as did the WP29 – that consent is not specific to the purpose and is not freely given, because the only way to oppose the use of data is to uninstall the app.

Because of this, and what it perceives as a lack of cooperation from WhatsApp, CNIL said it had decided to issue a formal notice, and make that notice public.

If the firm complies with the law within a month, it will close the procedure against it – if it does not, CNIL could impose a penalty.

Facebook has already got into hot water with European agencies over its takeover of the messaging biz. In May it was fined €110m by the European Commission for saying, incorrectly, that it couldn't automatically and reliably match user profiles on the two platforms.

We have contacted WhatsApp for comment. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Er, we have 670 staff to feed now: UK's ICO fines 100 firms that failed to pay data protection fee

Enforcing GDPR is expensive work, says watchdog

Campaigners call for immigration exemption in UK's Data Protection Act to be scrapped

Judicial review into law launched

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...

Reel talk: You know what's safely offline? Tape. Data protection outfit Veeam inks deal with Quantum

Magnetic strips barrier to ransomware, burble box-flingers

US tech circles wagons as India reviews data protection proposals

Ex-Cisco CEO-chaired lobby leading the charge

IT management software crowd Kaseya buys cloudy data protection crew Spanning

Private equity holdings shuffle

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Anyone with URL could see lists of case study projects

Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour's Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al