WhatsApp breach data privacy laws

WhatsApp, the popular mobile app that process over 1 billion user messages daily, has been criticised by privacy regulators over the way it stores the phone numbers of non-users without their permission.

Canadian and Dutch regulators found that WhatsApp automatically scans the address book of most of its users when they sign up to the app.

They criticised the firm for transmitting all the stored phone numbers to the WhatsApp servers, but failing to delete the ones belonging to people who had not signed up to the service.

The Dutch Data Protection Authority said that it will now decide whether to take “further enforcement actions” against WhatsApp following the investigation, as there is scope to impose sanctions under Dutch privacy law.

The Office of the Privacy Commissioner of Canada said that it will just monitor WhatsApp’s progress in changing its privacy policy, as the watchdog does not have the power to take things further.

 

The two regulators launched a joint investigation into WhatsApp on January 26, 2012.

At the time, they said that they had “reasonable grounds” to believe that the firm was “collecting, using, disclosing and retaining personal information” in a manner contrary to laws in both countries.

California-based WhatsApp Inc owns and operates “WhatsApp Messenger”, an app that allows users to exchange text, video, audio and media messages over the internet rather than using traditional SMS or MMS. The app is available on Apple’s iPhone, Google Android devices and RIM’s BlackBerry.

Whilst WhatsApp was found to have taken steps to improve its privacy practices over the past year, including message encryption and more secure password generation, the regulators said that it was still breaking Dutch and Canadian laws “in relation to the retention, safeguard, and disclosure of personal data”.

Jennifer Stoddart, the privacy commissioner of Canada, said that the “world-first” investigation has led to WhatsApp “making and committing to make further changes in order to better protect users’ personal information”.

However, Dutch Data Protection Authority chairman Jacob Kohnstamm warned that they are “not completely satisfied yet”.

“The investigation revealed that users of WhatsApp – apart from iPhone users who have iOS 6 software – do not have a choice to use the app without granting access to their entire address book,” he said.

“The address book contains phone numbers of both users and non-users. This lack of choice contravenes (Dutch and Canadian) privacy law.

“Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp.”

WhatsApp had not yet commented on the report.