The UK’s data protection watchdog has ruled that it would have been illegal for WhatsApp to share private user-data with parent company Facebook. The ruling brings to an end a long-standing investigation into WhatsApp’s data-sharing policy, which started in late 2016, when the Information Commissioner’s Office (ICO) ordered the messaging app to stop sharing personal data with Facebook, which bought the messaging app in 2014.
According to information commissioner, Elizabeth Denham, “WhatsApp has not identified a lawful basis of processing for any such sharing of personal data”, and any such sharing “would have been in contravention of the first and second data protection principles of the Data Protection Act”.
Denham also stated that WhatsApp has assured the agency that no UK user data has ever been shared with Facebook in violation of UK or EU law. The company also signed an undertaking declaring that it will only share data from EU users with Facebook as long as the process is in compliance with the General Data Protection Regulation (GDPR) that comes into effect on May 25.
It’s worth mentioning here that it’s not just the UK that’s been investigating WhatsApp for its data-sharing practices. Data protection agencies throughout the EU have expressed severe concerns over the company allegedly sharing private user-data with Facebook.
France is one of the countries that takes its data protection laws very seriously, and in December, its own data protection agency, commission Nationale de l’Informatique et des Libertés (CNIL), issued an ultimatum to WhatsApp to stop sharing user data with Facebook, or face sanctions. The watchdog back then had accused the company of violating its obligation to cooperate with CNIL, and not ‘properly’ obtaining consent from users before sharing their phone numbers with Facebook.