When it comes to online privacy, the European data protection authorities tend to be quite interventionist as they try to police the movement of personal data within and out of the EU. The concerns over the Safe Harbor and Privacy Shield frameworks are one manifestation of this. Another is the increasing EU scrutiny of Facebook’s purchase of WhatsApp.
A couple of years after Facebook acquired WhatsApp, the latter announced that it was updating its terms and privacy policy so as to allow user data to be transferred to its parent company. Johannes Caspar, the Commissioner for Data Protection and Freedom of Information in Hamburg, where Facebook has its German headquarters, was unhappy with that move. He saw it as harmful to users’ privacy, not least because there was no way to opt out of the data sharing. In September last year, he ordered Facebook to stop collecting data from WhatsApp, and to delete anything it had already brought across. Facebook appealed against the decision, and the Administrative Court of Hamburg has now handed down its ruling, which is to deny the US giant’s request for Caspar’s order to be revoked (pdf):
Facebook has appealed to the administrative court against the order in the preliminary proceedings. The goal was to repeal the immediate enforcement. The court rejected this request today and clarified the fact that it does not see any legal basis for the planned data exchange. Facebook can not invoke interests of its own business because the complete data exchange is neither necessary for the purpose of network security or business analysis nor for advertising optimization. Furthermore, the court clarifies that there is no effective consent from WhatsApp users for a data exchange with Facebook. As a result, the administrative court is making a clear consideration in the context of the preliminary legal proceedings: the interests of the approximately 35 million German WhatsApp users predominates the economic interest of Facebook in a suspension of immediate enforceability.
That’s not the only problem Facebook faces in Europe. A little while after WhatsApp announced that it would be consolidating its user data with Facebook, the European Commission sent what is called a “Statement of Objections” to Facebook, alleging that:
the company provided incorrect or misleading information during the Commission’s 2014 investigation under the EU Merger Regulation of Facebook’s planned acquisition of WhatsApp.
The problem is that:
When reviewing Facebook’s planned acquisition of WhatsApp, the Commission looked, among other elements, at the possibility of Facebook matching its users’ accounts with WhatsApp users’ accounts. In its notification of the transaction in August 2014 and in a reply to a request of information, Facebook indicated to the Commission that it would be unable to establish reliable automated matching between the two companies’ user accounts.
Once WhatsApp and Facebook started carrying out precisely that kind of automated data matching last year, the Commission naturally wondered whether Facebook had been totally frank in its answers. The company had until January 31 to explain itself, and the Commission is now deciding whether it feels it was given misleading information. If it does, the consequences may be quite costly. Under EU law, Facebook could be fined 1% of its global turnover — which would amount to around $179 million based on 2015 revenues. On its own, that probably wouldn’t be too much of a problem for the deep-pocketed company. But combined with the ruling in Germany, and the possibility that data protection authorities in other countries will follow suit — the law is the same throughout the EU, after all — these European concerns about privacy are turning into a major a headache for Facebook.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Permalink | Comments | Email This Story
Go to Source
Author: Glyn Moody