France gives WhatsApp a month to get slurps in order or face fine

Regulator questions legality of transferring data to Facebook

By Rebecca Hill


The French information watchdog has told WhatsApp it has a month to comply with data protection laws, or risk being fined.

European data protection agencies have become increasingly frustrated with the slurp-happy attitude of the messaging app and parent company Facebook since its privacy policy changed last summer.

The policy stated that data farmed by WhatsApp could be sent over to the Zuckerborg for targeted advertising, security and business intelligence purposes.

But it had to put this data harvest on hold in the EU after the group of data protection bodies – known as the Article 29 Working Party (WP29) – questioned its legality on this side of the pond.

This summer the biz added a "notice for EU users", but that did little to placate the group, which said in October that it doesn't it "sufficiently address the issues of non-compliance".

That group, though, doesn't have enforcement powers in its own right, so it is up to the individual agencies to take such action.

The French agency, CNIL, has now done so, issuing the biz with an ultimatum: address its concerns or risk a fine.

In a statement, the CNIL takes issue with the firm's processing of data for business intelligence.

"If the purpose of security can be regarded as essential to the proper functioning of the application, it is different from the purpose of 'business intelligence'," the agency said.

In its opinion, the firm cannot rely on either legitimate interests or consent to process this data.

CNIL argued – as did the WP29 – that consent is not specific to the purpose and is not freely given, because the only way to oppose the use of data is to uninstall the app.

Because of this, and what it perceives as a lack of cooperation from WhatsApp, CNIL said it had decided to issue a formal notice, and make that notice public.

If the firm complies with the law within a month, it will close the procedure against it – if it does not, CNIL could impose a penalty.

Facebook has already got into hot water with European agencies over its takeover of the messaging biz. In May it was fined €110m by the European Commission for saying, incorrectly, that it couldn't automatically and reliably match user profiles on the two platforms.

We have contacted WhatsApp for comment. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Anyone with URL could see lists of case study projects's Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al

UK regulator moots data protection sandbox for organisations to play in

ICO strategy outlines plans to slurp up academic expertise

Austrian privacy chief handed leash to EU's data protection beast

Group warms up for greater powers once GDPR hits

Facebook smartmobe app's pre-ticked privacy settings violate German data protection law

Court favours consumer group in long-running dispute

Don't sweat Brexit, big biz told: Your shiny data protection sticker will remain intact

Survey reveals GDPR training and investment is on the rise told: Scrap immigration exemption from Data Protection Bill or we'll see you in court

Campaigners say proposed law would create a 'discriminatory' system for data access rights