The GDPR a Factor in the Future of WhatsApp User Data Sharing With Facebook

WhatsApp has agreed not to share its users’ personal data with Facebook, its parent company, until the European Union’s General Data Protection Regulation (GDPR) is in force. It has also agreed that, if it continues with data sharing with Facebook for other purposes, it will be in accordance with the GDPR. This comes in response to the result of the U.K.’s Information Commissioner’s Office (ICO) investigation, which looked into the terms of the data sharing.

WhatsApp had to halt its plans to share user data with Facebook in 2016, when various groups raised concerns about its updated privacy terms and conditions. The new policy included sharing of user data with Facebook for certain purposes. The ICO launched a full investigation on the case that same year, with France and Germany following in its steps.

Ensuring lawful data sharing

The ICO found that there was no lawful basis for the data sharing and that WhatsApp had failed to provide adequate information to its users regarding the sharing of their personal data. The planned data sharing would have also been incompatible with the original purpose for which existing users had provided personal data. Had such data sharing taken place between the two companies, it would have been a breach of the U.K.’s current Data Protection Act (DPA). It should be noted that an updated Data Protection Bill (DPB) is now in Parliament to ensure U.K. laws are in line with the GDPR.

The ICO said it would not impose fines, as no breach had been committed. WhatsApp gave its assurance that no U.K. user data had been shared with Facebook for purposes other than that of being a data processor of the company. The DPA — as well as the GDPR — does not prohibit data sharing per se as long as organizations follow legal requirements.

[Watch Trend Micro’s own journey to GDPR compliance on GDPR Video Case Study]

Steps to GDPR compliance

At present, Facebook and WhatsApp are already making changes toward GDPR compliance. Facebook has made privacy policy changes. These include providing tools for users to control and protect their privacy on the social network. Similarly, WhatsApp has been working on a data privacy option for its users. Once the update is rolled out, users will have the ability to download their account data in the form of a report, in accordance with the right to data portability of the GDPR. The ICO notes that it will continue to monitor the changes WhatsApp will be making to its privacy policy and terms and conditions and will observe how the company will fare under the stronger rules of consent of the GDPR.

The GDPR as a data protection regulation does not completely prevent data sharing between organizations. However, it does set up standards for a safer, more transparent process of data sharing and transfer, with a focus on ensuring that users consent specifically to that sharing. As in the case of WhatsApp and Facebook, compliance with data-relevant regulations will play a big role in the future of data processing and sharing. The GDPR may pose a challenge for the continuity of data sharing between organizations, considering the stronger influence of user consent and transparency on data processing under it. Given that GDPR is a broader and stricter data regulation, compliance issues should be resolved with these in mind.

Organizations worldwide need to abide by GDPR’s comprehensive set of regulations to ensure sufficient protection over EU citizen data. This includes becoming better protected against cyberthreats and incorporating “state-of-the-art security” in data processing and protection. Aside from establishing well-defined roles, policies, and processes on data collection, processing, and transfer, another step in the right direction for organizations is using cybersecurity solutions that can protect the entire enterprise from cyberthreats.

Trend Micro solutions, powered by XGen™ security, deliver state-of-the-art security capabilities that can be used to help address GDPR compliance. Trend Micro™ XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It features multiple advanced capabilities, including high-fidelity machine learning, to secure gateway and data, and seamlessly protects physical, virtual, and cloud workloads. With additional capabilities like web/URL filtering, behavioral analysis, and custom sandboxing, XGen protects against today’s purpose-built threats that bypass traditional controls and exploit known, unknown, or undisclosed vulnerabilities. Smart, optimized, and connected, XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.

Visit our GDPR information page for helpful tips and case studies on GDPR preparedness.



Posted in Online Privacy