The Article 29 Working Party (WP29), which acts as a European watchdog on data protection issues, has issued a stark warning to a leading messaging app about its sharing of user data with parent company Facebook.
Susan Hall, a Partner and specialist lawyer in intellectual property and information technology at national firm Clarke Willmott LLP, said this signals willingness on the part of the regulator to take the fight to these huge corporations.
Susan said: “WhatsApp’s “take it or leave it” approach to data gathering clearly fails to meet the standard for valid consent, which has to be unambiguous, specific, informed, freely given and capable of being withdrawn at any time.
“This warning is a taste of things to come under the new EU General Data Protection Regulations which come into force in May 2018. All businesses will be subject to these regulations, notwithstanding Brexit, if they hold or process the personal data of EU residents, so in the light of this extra-territorial flexing of muscles by the EU, social media providers need to remember there’s no place to hide. They must abide by the regulations.
“In its latest letter the WP29 makes an oblique reference to the General Data Protection Regulation which will give data protection authorities the power to fine organisations for egregious breaches of data protection up to 4% of global turnover (this would amount to about $1.11bn based on Facebook’s 2016 figures).
“While authorities such as our own Information Commissioner’s Office (ICO) have pointed out that the point of the GDPR is not really the fines, but putting data protection on a footing fit for the 21st century, it seems fair to assume that in the case of WhatsApp and
Facebook, the European Commission’s patience is running out.”
A taskforce has now been launched by the WP29 to implement “a clear, comprehensive resolution” to comply with EU law. The taskforce will be led by the UK’s ICO.
Susan continued: “This letter comes a year after the first warning was issued and a number of months after the European Commission came down like a ton of bricks on Facebook about its failure to keep its WhatsApp and Facebook businesses separate, sending a clear message to social media providers that they are watching them.
“Even when Brexit occurs, it’s been clearly signalled by the ICO that in order to facilitate working sensibly within the EU after Brexit, any new regime in the UK is likely to remain very close to the GDPR, so it would be sensible to regard this decision as a having long-term implications for everyone who handles personal data in the UK or in the EU.”
Susan Hall is a partner in the intellectual property team at Clarke Willmott LLP specialising in intellectual property and information and communications technology.
Clarke Willmott LLP was established in 1888 and has grown to be one of the UK’s leading law firms with offices in Bristol, Birmingham, Cardiff, London, Manchester, Southampton and Taunton. Clarke Willmott provides support on a broad range of legal services to individuals and businesses, with a focus on the most involved and complex matters.
For more information about Clarke Willmott visit www.clarkewillmott.com