Listen Download Podcast
  • RFI English News flash 04h00 - 04h10 GMT Mon-Fri
    News bulletin 10/21 04h00 GMT
  • Paris Live AM 04h10 - 04h30 GMT Mon-Fri
    Features and analysis 10/21 04h10 GMT
  • RFI English News flash 05h00 - 05h10 GMT Mon-Fri
    News bulletin 10/21 05h00 GMT
  • Paris Live AM 05h10 - 05h30 GMT Mon-Fri
    Features and analysis 10/21 05h10 GMT
  • RFI English News flash 06h00 - 06h10 GMT Mon-Fri
    News bulletin 10/21 06h00 GMT
  • Paris Live AM 06h10 - 06h30 GMT Mon-Fri
    Features and analysis 10/21 06h10 GMT
  • RFI English News flash 06h30 - 06h33 GMT Mon-Fri
    News bulletin 10/21 06h30 GMT
  • Paris Live AM 06h33 - 06h59 GMT Mon-Fri
    Features and analysis 10/21 06h33 GMT
  • RFI English News flash 07h00 - 07h10 GMT Mon-Fri
    News bulletin 10/21 07h00 GMT
  • RFI English News flash 07h30 - 07h33 GMT Mon-Fri
    News bulletin 10/21 07h30 GMT
  • RFI English News flash 14h00 - 14h03 GMT Sat-Sun
    News bulletin 10/20 14h00 GMT
  • RFI English News flash 14h00 - 14h06 GMT Mon-Fri
    News bulletin 10/19 14h00 GMT
  • Paris Live Weekend 14h03 - 14h30 GMT Sat-Sun
    Features and analysis 10/20 14h03 GMT
  • Paris Live PM 14h06 - 14h30 GMT Mon-Fri
    Features and analysis 10/19 14h06 GMT
  • RFI English News flash 14h30 - 14h33 GMT Mon-Fri
    News bulletin 10/20 14h30 GMT
  • Paris Live PM 14h33 - 14h59 GMT Mon-Fri
    Features and analysis 10/20 14h33 GMT
  • RFI English News flash 16h00 - 16h03 GMT Sat-Sun
    News bulletin 10/20 16h00 GMT
  • RFI English News flash 16h00 - 16h06 GMT Sat-Sun
    News bulletin 10/19 16h00 GMT
  • Paris Live Weekend 16h03 - 16h30 GMT Sat-Sun
    Features and analysis 10/20 16h03 GMT
  • RFI English News flash 16h30 - 16h33 GMT Mon-Fri
    News bulletin 10/20 16h30 GMT
  • Paris Live Weekend 16h33 - 17h00 GMT Sat-Sun
    Features and analysis 10/20 16h33 GMT
To take full advantage of multimedia content, you must have the Flash plugin installed in your browser. To connect, you need to enable cookies in your browser settings. For an optimal navigation, the RFI site is compatible with the following browsers: Internet Explorer 8 and above, Firefox 10 and +, Safari 3+, Chrome 17 and + etc.
France

French privacy watchdog tells Whatsapp to stop sharing data with Facebook

media France’s National Data Protection Commission (Cnil) has ruled that Whatsapp's sharing of user data with Facebook was in breach of French and European privacy laws. Pixabay

France’s privacy regulator on Monday gave the instant messaging application Whatsapp one month to comply with its order about sharing personal data with Facebook, in a decision that comes as European regulators prepare to tighten the rules on data privacy.

Whatsapp has access to email addresses and phone numbers, images and other media shared over the service, as well as information on when and where the application is used.

Facebook purchased the company in 2014, and Whatsapp updated its terms of service in 2016 to say it would transfer that kind of data to its new parent company.

Following an investigation, France’s National Data Protection Commission (Cnil) ruled that was in breach of French and European privacy laws.

“Users are not well enough informed, their consent is not requested, and they have no opportunity to oppose the transfer” of data, says Mathias Moulin, Cnil’s deputy director in charge of rights protection and sanctions.

“There are two major infringements, the first concerns the lack of legal basis for the transfer and the second one is related to the cooperation of Whatsapp. We consider they did not provide us with all the information we requested during the investigation.”

Whatsapp has a month to notify and give users options about the sharing of data if it wants to avoid a procedure that could lead to a fine of up to 3 million euros.

While that amount is a drop in the ocean considering Facebook’s revenue, Whatsapp on Tuesday showed some concern about the issue.

“Privacy is incredibly important to WhatsApp. It’s why we collect very little data, and encrypt every message,” a spokesperson told media.

“We will continue to work with the Cnil to ensure users understand what information we collect, as well as how it’s used.”

Merging of databases

Data sharing is a primary concern of digital rights and consumer advocates, especially when it comes to web giants like Facebook, Google and Amazon.

“If you live in a world where you don’t have control over your personal data, then that’s a world that raises security risks, privacy risks, and leaves you in a situation where companies generally know much more about you than you know about yourself,” says Joe McNamee of advocacy group European Digital Rights.

“[Whatsapp] were bought by Facebook and the database of Whatsapp was integrated with the database of Facebook,” he explains. “The amount of privacy intrusion that is generated from merging two databases is almost on an exponential scale, bigger than each of the databases themselves.”

Cnil’s investigation concerned three reasons given by Whatsapp for the use of personal data: security updates, which Cnil accepted; targeted advertising, which Cnil rejected but for which Whatsapp complied; and business intelligence, a term having to do with evaluation and implementation of services and whose vagueness was of concern to Cnil as well as advocates.

“This is an extremely broad and vague concept that would not allow a clear indication of the real purpose for which this data is being collected,” says Agustin Reyna, senior legal officer in the digital rights department of the European Consumer Organisation.

Power of dissuasion

The case could prove to be a precursor to others of its kind as the European Union-wide set of guidelines, the General Data Protection Regulation, is set to come into force in May 2018.

“There are very strict and concise rules,” says Agustin Reyna, senior legal officer in the digital rights department of the European Consumer Organisation.

“For example, the provision of vast amounts of personal data cannot be a condition to access the service,” Reyna continues, noting the new regulations are “a very important signal that the governments and the agencies have given to the market players, so they adapt in order to avoid fines and being found in infringement of the law.”

Because in addition to providing a framework for data protection across EU states, the new regulations would also increase the amount of financial penalties that could be laid against companies found to be in breach of privacy rules.

“Traditionally, big companies like to delay justice by as many appeals of possible, and also to use up the resources of the regulators that are trying to enforce the law,” says Joe McNamee.

“But the level of dissuasion that will be generated by the new rules should make it much more effective to protect citizen security and privacy.”

 

Related
 
Sorry but the period of time connection to the operation is exceeded.