A day later, the UK Information Commissioner’s Office (ICO) announced that it would look into these changes. Subsequently, the Article 29 Working Party (a group of representatives from the data protection authorities of each EU member) wrote to WhatsApp with its concerns and, in Germany, Facebook has been ordered to stop collecting and storing the data of German users of WhatsApp.
Update from the ICO
Elizabeth Denham (UK Information Commissioner at the ICO) recently provided an update. The key points were that she thought that:
Whilst Facebook has agreed to stop using the data of UK WhatsApp users temporarily (for the purposes of adverts or product improvement), Facebook (and WhatsApp) has not agreed (so far) to sign undertakings that it will provide this above information and control to users. Ms Denham wrote that the ICO will continue pressing this issue together with other European data protection authorities and warned that Facebook may face enforcement action if it does not have valid consent.
In the EU, personal data must be processed fairly and lawfully and cannot be processed unless at least one of certain conditions is met. One of these conditions is to obtain the freely given, specific, unambiguous and informed consent of the person whose data is being processed. Furthermore, personal data will not be processed fairly unless, as far as practicable, the person has been given certain information, including the intended purpose that the data is to be processed for and any further information that may be necessary in the circumstances so that the processing is fair. The ICO is considering whether WhatsApp users were provided with sufficient information and whether they gave sufficient consent.
A new General Data Protection Regulation (GDPR) will apply to EU members in 2018. Despite Brexit, British businesses that trade with EU citizens and businesses and deal in their personal data will have to comply with the GDPR. For information on how Briffa can help you with data protection issues contact us or arrange for a meeting on +44 (0)20 70962779.
Transferring personal data between the EU and the US just got a little bit easier
Last month, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework. The decision means that the European Commission is now satisfied that the US ensures an…
We’ll start with a no obligation chat where we’ll get to know you and understand your current challenges.
Book your free consultation now