Feb. 24 --The recent multibillion-dollar acquisition of mobile phone messaging application WhatsApp by Facebook Inc. raises privacy concerns over the possible merging of WhatsApp user data with that of Facebook, Thilo Weichert, data protection commissioner for the state of Schleswig-Holstein, told Bloomberg BNA Feb. 24.
Merging user data is a practice strictly regulated by German data protection laws, he said.
“The mixing of data is strictly regulated by German law, especially through the Telemedia Act and the Federal Data Protection Act,” Weichert said. “Both acts rely on the principle of purpose binding, that data stored for one purpose cannot be processed for any other purposes--there are no such restrictions in the U.S.”
Facebook announced in a Feb. 19 statement that it is acquiring the 450-million client WhatsApp for approximately $16 billion, as well as an additional $3 billion in stocks.
The Article 29 Working Party, the European Commission's data protection advisory body, and the data protection authority of the Netherlands are also considering the privacy implications of the WhatsApp deal.
Weichert expressed concern in a Feb. 20 statement that personal data from both Facebook and WhatsApp would be merged and commercially exploited for advertising purposes.
The Facebook acquisition has significant relevance in terms of data protection because some users of WhatsApp had switched to the service to escape the “data behemoth” that is Facebook, Weichert said in the statement. He urged WhatsApp users to leave the service and instead seek more privacy-friendly alternatives.
“Those for whom the confidentiality of private communications is worth something, should rely on trustworthy services,” he said. “These should be companies with an effective data protection regime and transparent technical safeguards such as end-to-end encryption, such as those offered by the Swiss providers Threema or myEnigma,” he said in the statement
WhatsApp data wasn't previously used for commercial purposes, he said. He noted that WhatsApp data weren't stored for long, “whereas Facebook on the contrary stores data for a long time for profiling purposes.” The “fear” is that Facebook's data retention will be applied to WhatsApp data, he said.
He said the Facebook takeover would also make it easier for the U.S. National Security Agency to access WhatsApp user communications data.
Jörg Hladjk of Hunton & Williams LLP, in Brussels, told Bloomberg BNA Feb. 24 that from a data protection authority's perspective, Weichert's concerns are valid.
“I also think it's probably a bit early to gauge the consequences of such a deal. There are a high percentage of users of WhatsApp in Europe and so there is potential for further investigation by the authorities in Europe and particularly in Germany,” he said.
Germany's Telemedia Act allows companies to produce user profiles but only under specific circumstances, he said.
The statute allows service providers to profile users “for the purposes of advertising, market research or in order to design the telemedia in a needs-based manner,” but only if the profile is “based on pseudonyms” and only if “the recipient of the service does not object.”
Hladjk said the legal provision on profiling is unique to German law, although it is being discussed as part of negotiations for the proposed European Union data protection regulation.
The acquisition is also likely to reignite the debate over whether German or Irish data protection law applies to Facebook, Hladjk said.
On Feb. 14, 2013, the Schleswig-Holstein Administrative Court ruled against the Schleswig-Holstein Data Protection Authority, finding that Irish data protection law, rather than German law, was applicable to Facebook Ireland Ltd because data from the EU and the rest of the world--outside of the U.S. and Canada--are processed on servers located in Ireland (12 PVLR 1915, 11/11/13).
A German regional court has, however, ruled that having a subcontractor working within Germany was sufficient to find that Facebook USA had a “significant presence” in Germany (see related report).
A spokesman for Facebook told BNA Feb. 24 that WhatsApp would “continue to operate independently and would honor its current policies and commitments to user privacy and security.”
Jacob Kohnstamm, who heads the Dutch DPA, told Bloomberg News Feb. 24 that the regulator is investigating data protection issues related to Facebook's takeover of WhatsApp.
The Art. 29 Party, which includes representatives from the 28 EU member states, may also look into the matter, Kohnstamm, who until Feb. 27 was the chairman of the Art. 29 group (see related report), said.
The risk with such a large database of consumer information is that “it is tempting to use” the information for a completely different purpose than that for which it was collected, he said.
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)