WhatsApp just agreed not to share the personal information of its users in the European Union with Facebook until it can comply with the General Data Protection Regulation (GDPR), which will be enforced in May. It isn’t a permanent commitment, and there are a few noteworthy exceptions, but it’s good news for WhatsApp users who give a damn about their privacy.
Photo: Getty
This change is the result of an investigation conducted by UK’s Information Commissioner’s Office (ICO). The ICO launched an investigation in August 2016 after WhatsApp updated its terms of service and privacy policy to note that the service would share users’ personal information with Facebook, which acquired the messaging app in 2014. This raised concerns, given WhatsApp has been around since 2009, meaning Facebook would have access to personal data from before it purchased the company.
“People have a right to have their personal data kept safe, only used in ways that are properly explained to them, and for certain uses of their data, to which they expressly consent,” Information Commissioner Elizabeth Denham wrote in a post on Wednesday. “This is a requirement of the Data Protection Act.”
WhatsApp’s agreement with the ICO states that the service won’t share any EU user data with Facebook, or any Facebook company, ahead of the GDPR. But there are a few significant caveats: After the GDPR comes into force, WhatsApp can share user data with Facebook or a Facebook company “for safety and security purposes” as well as to help inform the company how to improve its products and advertising, according to the undertaking. These exceptions still need to comply with GDPR regulations.
It remains to be seen whether Facebook and WhatsApp will push back on or try to circumvent regulations for that sweet data come May.