Facebook Inc fled a possible ban on the use of WhatsApp customer data by the European Union but faces an investigation into new terms and services that have sparked outrage among consumer rights activists.
The European Data Protection Board, a panel of EU authorities, on Thursday said that Facebook’s practices related to WhatsApp data should be checked “as a priority” by Ireland’s privacy watchdog, its main regulator in the region.
“Given the high likelihood of violations particularly for the purposes of security, safety and integrity of WhatsApp” and other Facebook units “EDPB considers that this matter requires further investigation”, the EU body said in a statement.
WhatsApp announced a policy change in January, but had to delay its introduction until May, due to confusion and user reactions about what data the messaging service collects and how it shares that information with parent Facebook.
Earlier this week, user rights activists filed a complaint against WhatsApp over alleged “aggressive” policy violations that remain “obscure”.
In a decision on Thursday, the EDPB stopped imposing a temporary EU -wide ban on data access, as requested by Hamburg’s data privacy commissioner.
German authorities in May imposed a three -month ban order on Facebook to stop it collecting German user data from its WhatsApp unit, and asked EU regulators to take a decision across the block.
The decision is currently stuck in EU dispute resolution procedures, failing to get the full support of all European data monitors.
Irish authorities said it “will consider any appropriate regulatory follow-up where it identifies matters that could be found in EDPB’s decisions not yet addressed” in an earlier WhatsApp investigation. He added that his party was also still working on a “separate and complaint -based investigation” into the “legal basis on which WhatsApp relies to process” and “the investigation is also at an advanced stage”.
Under the EU General Data Protection Regulation, authorities are given unprecedented power to fine companies by 4% of their annual sales. The rules also set out a system that places supervisors based at selected EU centers of companies tasked with overseeing them, which has created tensions as the Irish office struggles with a number of investigations and colleagues elsewhere accuse it of being too late.
The Irish Data Protection Commission has at least 28 investigations into Silicon Valley giants, including Apple Inc and Google – all of which have their EU bases in Ireland. Facebook accounted for nine of these investigations and more await the results of its WhatsApp and Instagram businesses.
WhatsApp said that it welcomed the decision not to extend the order of German regulators across the EU, saying that it was “based on a fundamental misunderstanding about the purpose and impact of our terms of service update”.
“We remain fully committed to delivering peaceful and private communications for everyone and will work with the Irish Data Protection Commission as our main regulator in the region to fully address the questions raised by EDPB,” WhatsApp said.
Johannes Caspar, until recently, Hamburg’s data protection commissioner, who called for a decision across the EU, said by email that he regretted the EDPB’s “lack of courage” to not see the urgency in the case despite “substantial doubts”, he said having about Facebook’s data processing. – Bloomberg