Mounting Privacy Problems In Europe For Facebook's Acquisition Of WhatsApp

from the statement-of-objections dept

When it comes to online privacy, the European data protection authorities tend to be quite interventionist as they try to police the movement of personal data within and out of the EU. The concerns over the Safe Harbor and Privacy Shield frameworks are one manifestation of this. Another is the increasing EU scrutiny of Facebook's purchase of WhatsApp.

A couple of years after Facebook acquired WhatsApp, the latter announced that it was updating its terms and privacy policy so as to allow user data to be transferred to its parent company. Johannes Caspar, the Commissioner for Data Protection and Freedom of Information in Hamburg, where Facebook has its German headquarters, was unhappy with that move. He saw it as harmful to users' privacy, not least because there was no way to opt out of the data sharing. In September last year, he ordered Facebook to stop collecting data from WhatsApp, and to delete anything it had already brought across. Facebook appealed against the decision, and the Administrative Court of Hamburg has now handed down its ruling, which is to deny the US giant's request for Caspar's order to be revoked (pdf):

Facebook has appealed to the administrative court against the order in the preliminary proceedings. The goal was to repeal the immediate enforcement. The court rejected this request today and clarified the fact that it does not see any legal basis for the planned data exchange. Facebook can not invoke interests of its own business because the complete data exchange is neither necessary for the purpose of network security or business analysis nor for advertising optimization. Furthermore, the court clarifies that there is no effective consent from WhatsApp users for a data exchange with Facebook. As a result, the administrative court is making a clear consideration in the context of the preliminary legal proceedings: the interests of the approximately 35 million German WhatsApp users predominates the economic interest of Facebook in a suspension of immediate enforceability.

That's not the only problem Facebook faces in Europe. A little while after WhatsApp announced that it would be consolidating its user data with Facebook, the European Commission sent what is called a "Statement of Objections" to Facebook, alleging that:

the company provided incorrect or misleading information during the Commission's 2014 investigation under the EU Merger Regulation of Facebook's planned acquisition of WhatsApp.

The problem is that:

When reviewing Facebook's planned acquisition of WhatsApp, the Commission looked, among other elements, at the possibility of Facebook matching its users' accounts with WhatsApp users' accounts. In its notification of the transaction in August 2014 and in a reply to a request of information, Facebook indicated to the Commission that it would be unable to establish reliable automated matching between the two companies' user accounts.

Once WhatsApp and Facebook started carrying out precisely that kind of automated data matching last year, the Commission naturally wondered whether Facebook had been totally frank in its answers. The company had until January 31 to explain itself, and the Commission is now deciding whether it feels it was given misleading information. If it does, the consequences may be quite costly. Under EU law, Facebook could be fined 1% of its global turnover -- which would amount to around $179 million based on 2015 revenues. On its own, that probably wouldn't be too much of a problem for the deep-pocketed company. But combined with the ruling in Germany, and the possibility that data protection authorities in other countries will follow suit -- the law is the same throughout the EU, after all -- these European concerns about privacy are turning into a major a headache for Facebook.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 4 May 2017 @ 4:35am

    If they were more transparent and offered more tools to control how the data flows through their services it would be a non-issue. If companies in general weren't so eager to inject ads into our brains regardless of the costs involved (including those involving money) people wouldn't be that up in arms about privacy. If governments were less surveillance happy people would be less concerned about their data being shared and all.

    That's many ifs. Too bad the damage is done and now the costs to the companies and to the governments (again, including financial) is much higher than if they hadn't abused the peoples in the first place.

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 4 May 2017 @ 9:50am

    Google: "Don't be evil."

    Facebook: "Don't even bother pretending we're not evil."

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.