Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Privacy Watchdog Says Facebook Agrees To Suspend Using WhatsApp Users' Data (reuters.com)

Posted by msmash on from the compliance-with-authority dept.

Facebook's decision to change WhatsApp's privacy policy hasn't gone down well with many. While Facebook didn't even flinch when several people requested that the company shouldn't break its original promise of not sharing any data with Facebook, the social juggernaut has -- for whatever reason -- decided to comply with Britain's privacy watchdog's advisory. The watchdog said Monday that Facebook has agreed to suspend using data from UK users of its WhatsApp app. From a Reuters report: The watchdog said the social media giant faces action if it uses such data without valid consent. The Information Commissioner's Office (ICO) had said in August that it would monitor WhatsApp's new privacy policy, after WhatsApp, acquired by Facebook in 2014, said it would share user data with its parent company. "We're pleased that they've agreed to pause using data from UK WhatsApp users for advertisements or product improvement purposes," the head of ICO, Elizabeth Denham, said in a statement. "If Facebook starts using the data without valid consent, they may face enforcement action from my office," she said. The regulator said it had also asked Facebook and WhatsApp to sign an undertaking committing to better explaining to customers how their data would be used and to give them ongoing control over the information. However, the companies have so far not agreed.

18 comments

  1. How does this work when... by unixisc · · Score: 1

    .... I have a WhatsApp account, but no Facebook account?

    1. Re:How does this work when... by Calydor · · Score: 3, Insightful

      Everyone has a Facebook account, at least from Facebook's point of view. When you sign up for Facebook you gain access to all the stuff they already know about you.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re: How does this work when... by Anonymous Coward · · Score: 0

      You don't really get access to that information when you make an account. You just get goaded into providing them still more information.

    3. Re:How does this work when... by Xest · · Score: 2

      Which if true, in the (and in fact, I believe any European country) would in itself be illegal.

      In the UK It's illegal for an organisationto hold data on you without your consent unless it falls into a handful of exemptions - law enforcement, credit rating and so forth. Facebook falls into none of these exemptions, therefore shadow profiles on anyone who has not signed up and agreed to the T&Cs would be entirely illegal. There's no legal mechanism for Facebook to retrieve, acquire, or store that unconsented data.

  2. And tomorrow ... by Calydor · · Score: 2

    "We are terribly sorry, but we no longer offer service in the United Kingdom. Blame the ICO, not us!"

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:And tomorrow ... by unixisc · · Score: 1

      ...and the peasants rejoiced

  3. Use and Abuse by Anonymous Coward · · Score: 0

    For now. In the meanwhile Facebook's only going to abuse WhatsApp users' data. Business as usual.

  4. Also a violation of Canadian Constitution by WillAffleckUW · · Score: 1

    Just as with the CSIS ruling last week, the WhatsApp data transfer is a clear violation of the Canadian Charter of Rights and Freedoms privacy elements of the Canadian Constitution. Unlike the UK, Canada has a very recent Constitution and it has specific rights of privacy.

    This does not restrict specific warrants for specific people who are part of an active investigation, but does apply to all bulk data and metadata collection, usage, and transfer.

    Expect challenges to be filed and rulings for that.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Also a violation of Canadian Constitution by Xest · · Score: 2

      "Unlike the UK, Canada has a very recent Constitution and it has specific rights of privacy."

      The UK has rights of privacy via both the Universal Declaration of Human Rights, and the European Convention on Human Rights implemented as the Human Rights Act.

      We just don't do such things in constitutions, because it's not clear they have ever actually worked as originally intended - the US constitution gives gun rights, but depending where you are in the US there are restrictions, most people agree with the advent of nuclear weapons that they shouldn't be covered, so there is some overarching limitation on the legislation - net result, what was written a few hundred years ago now needs to be changed, better to recognise that and do it properly than to have some fixed unchanging thing that ultimately just gets surrounded by fudged solutions or just outright ignored by government when it stops making sense. Otherwise you just end up by people picking and choosing when people should and shouldn't listen to the constitution to suit their current political bias and you just end up with an entirely needless legal quagmire and a whole lot of shouting. When you just have a clear set of adaptable laws and don't pretend one group of people's words are perfect and indefinitely immaculate through time it's pretty clear what the status quo is and what needs to change if anything does at any point. If we wanted that we'd probably just stick to wot the the bible sez or something equally daft.

  5. Database Import Complete by Anonymous Coward · · Score: 0

    Sure, we'll stop using the "WhatsApp" data.
    We'll just stick to our own data from now on.

  6. because by Anonymous Coward · · Score: 0

    they have already mined it, refined it and reconstructed it elsewhere in a new model , so what does it harm them to comply.

  7. Data protection. by ledow · · Score: 4, Informative

    "For whatever reason"

    It's called breaking the fucking law otherwise.

    Data Protection Act attracts huge fines and is very clear about what is personal data, what you can do with it (nothing without explicit permission), and who's responsible if they don't.

    When they are fining HOSPITALS hundreds of thousands of pounds for failing to protect even the most basic data, Facebook would have been on the receiving end of millions of pounds worth of fines almost instantly.

    Yet again, EU and UK data protection law is well-worded and will bite you in the arse. Something the US doesn't seem to understand.

    1. Re:Data protection. by WillAffleckUW · · Score: 2

      As in billion dollar fines.

      No, that wasn't a joke.

      --
      -- Tigger warning: This post may contain tiggers! --
    2. Re:Data protection. by namgge · · Score: 2

      The fines are quite large, up to 500 000 UKP at the moment but there aren't many of them issued in a given year.

      On the horizon, however, is this:

      http://data.consilium.europa.e...

      The EU General Data Protection Regulation (GDPR), which comes into force in 2018 with maximum fines of the larger of 20 million euros or 4% of global turnover.

      No one knows how this will affect a post-Brexit UK, but if you do business in the EU it's not too soon to get your house in order.

  8. India by manu0601 · · Score: 1

    Perhaps they comply because they had a a court order about this in India.

  9. EU by tsa · · Score: 1

    The EU is also breathing down FB's neck about this. They're in for a rough time.

    --

    -- Cheers!

    1. Re:EU by Xest · · Score: 1

      The UK's data protection act is based on Europe's European Data Protection Directive anyway, it's the UK's implementation of it, so you can be fairly well rest assured that the rest of the EU will reach the same conclusion. The DPA doesn't really go much over and above the DPD.

  10. Facebook agrees to suspend using *UK* user data... by Anonymous Coward · · Score: 0

    Note the wording here - they agreed to stop using data from UK users. They did not agree to stop using data from those of you in Germany, or the US, or Brazil, or anywhere else. This means that in the event that you talk to people not in your country (which is quite likely, and is one of the nice things about the modern world), Facebook is still harvesting all that juicy connectivity metadata about you. They just need to get through another layer of abstraction to do it - something with which they already have a great deal of experience.