UK Privacy Watchdog Says Facebook Agrees To Suspend Using WhatsApp Users' Data (reuters.com) 18
Facebook's decision to change WhatsApp's privacy policy hasn't gone down well with many. While Facebook didn't even flinch when several people requested that the company shouldn't break its original promise of not sharing any data with Facebook, the social juggernaut has -- for whatever reason -- decided to comply with Britain's privacy watchdog's advisory. The watchdog said Monday that Facebook has agreed to suspend using data from UK users of its WhatsApp app. From a Reuters report: The watchdog said the social media giant faces action if it uses such data without valid consent. The Information Commissioner's Office (ICO) had said in August that it would monitor WhatsApp's new privacy policy, after WhatsApp, acquired by Facebook in 2014, said it would share user data with its parent company. "We're pleased that they've agreed to pause using data from UK WhatsApp users for advertisements or product improvement purposes," the head of ICO, Elizabeth Denham, said in a statement. "If Facebook starts using the data without valid consent, they may face enforcement action from my office," she said. The regulator said it had also asked Facebook and WhatsApp to sign an undertaking committing to better explaining to customers how their data would be used and to give them ongoing control over the information. However, the companies have so far not agreed.
How does this work when... (Score:2)
Re:How does this work when... (Score:4, Insightful)
Everyone has a Facebook account, at least from Facebook's point of view. When you sign up for Facebook you gain access to all the stuff they already know about you.
Re: (Score:3)
Which if true, in the (and in fact, I believe any European country) would in itself be illegal.
In the UK It's illegal for an organisationto hold data on you without your consent unless it falls into a handful of exemptions - law enforcement, credit rating and so forth. Facebook falls into none of these exemptions, therefore shadow profiles on anyone who has not signed up and agreed to the T&Cs would be entirely illegal. There's no legal mechanism for Facebook to retrieve, acquire, or store that unconsen
And tomorrow ... (Score:3)
"We are terribly sorry, but we no longer offer service in the United Kingdom. Blame the ICO, not us!"
Re: (Score:2)
Also a violation of Canadian Constitution (Score:1)
Just as with the CSIS ruling last week, the WhatsApp data transfer is a clear violation of the Canadian Charter of Rights and Freedoms privacy elements of the Canadian Constitution. Unlike the UK, Canada has a very recent Constitution and it has specific rights of privacy.
This does not restrict specific warrants for specific people who are part of an active investigation, but does apply to all bulk data and metadata collection, usage, and transfer.
Expect challenges to be filed and rulings for that.
Re: (Score:3)
"Unlike the UK, Canada has a very recent Constitution and it has specific rights of privacy."
The UK has rights of privacy via both the Universal Declaration of Human Rights, and the European Convention on Human Rights implemented as the Human Rights Act.
We just don't do such things in constitutions, because it's not clear they have ever actually worked as originally intended - the US constitution gives gun rights, but depending where you are in the US there are restrictions, most people agree with the adven
Data protection. (Score:5, Informative)
"For whatever reason"
It's called breaking the fucking law otherwise.
Data Protection Act attracts huge fines and is very clear about what is personal data, what you can do with it (nothing without explicit permission), and who's responsible if they don't.
When they are fining HOSPITALS hundreds of thousands of pounds for failing to protect even the most basic data, Facebook would have been on the receiving end of millions of pounds worth of fines almost instantly.
Yet again, EU and UK data protection law is well-worded and will bite you in the arse. Something the US doesn't seem to understand.
Re: (Score:2)
As in billion dollar fines.
No, that wasn't a joke.
Re: (Score:3)
The fines are quite large, up to 500 000 UKP at the moment but there aren't many of them issued in a given year.
On the horizon, however, is this:
http://data.consilium.europa.e... [europa.eu]
The EU General Data Protection Regulation (GDPR), which comes into force in 2018 with maximum fines of the larger of 20 million euros or 4% of global turnover.
No one knows how this will affect a post-Brexit UK, but if you do business in the EU it's not too soon to get your house in order.
India (Score:2)
Perhaps they comply because they had a a court order [engadget.com] about this in India.
EU (Score:2)
The EU is also breathing down FB's neck about this. They're in for a rough time.
Re: (Score:2)
The UK's data protection act is based on Europe's European Data Protection Directive anyway, it's the UK's implementation of it, so you can be fairly well rest assured that the rest of the EU will reach the same conclusion. The DPA doesn't really go much over and above the DPD.