European watchdogs warn WhatsApp, Yahoo on privacy

BRUSSELS: European privacy watchdogs have warned WhatsApp over sharing user information with parent company Facebook, and cautioned Yahoo over a 2014 data breach and scanning of customer e-mails for US intelligence purposes.
The popular messaging service’s recent change in privacy policy to start sharing users’ phone numbers with Facebook — the first policy change since WhatsApp was acquired by Facebook in 2014 — has attracted regulatory scrutiny in Europe.
The Italian antitrust watchdog also announced a separate probe into whether WhatsApp obliged users to agree to sharing personal data with Facebook.
The European Union’s 28 data protection authorities said in a statement they had requested WhatsApp stop sharing users’ data with Facebook until the “appropriate legal protections could be assured” to avoid falling foul of EU data protection law.
WhatsApp’s new privacy policy involves the sharing of information with Facebook for purposes that were not included in the terms of service when users signed up, raising questions about the validity of users’ consent, the authorities, known as the Article 29 Working Party (WP29), said.
A spokeswoman for WhatsApp said the company was working with data protection authorities to address their questions.
“We’ve had constructive conversations, including before our update, and we remain committed to respecting applicable law,” she said.
Facebook has had run-ins with European privacy watchdogs in the past over its processing of users’ data. However, the fines that regulators can levy are paltry in comparison to the revenues of the big US tech companies concerned.
The EU data protection authorities also wrote to Yahoo over a massive data breach that exposed the e-mail credentials of 500 million users, as well as its scanning of customers’ incoming e-mails for specific information provided by US intelligence officials.
Yahoo said they were aware of the letter and would work to respond as appropriate.
The watchdogs asked Yahoo to communicate all aspects of the data breach to the EU authorities, to notify the affected users of the “adverse effects” and to cooperate with all “upcoming national data protection authorities’ enquiries and/or investigations.
“The reports (about e-mail scanning) are concerning to WP29 and it will be important to understand the legal basis and justification for any such surveillance activity, including an explanation of how this is compatible with EU law and protection for EU citizens,” the watchdogs said in their letter to Yahoo.
The regulators will discuss the Yahoo and WhatsApp cases in November.