November 4, 2016
Both WhatsApp and Yahoo have fallen foul of EU data protection watchdogs and have been cautioned over breaches in EU data privacy rules.
The European Union's 28 data protection authorities released a statement saying that they had requested that WhatsApp cease sharing users data with Facebook until the "appropriate legal protections could be assured".
The same authorities have also written to Yahoo to request that they communicate all aspects of the data breach to the EU authorities, to notify the affected users of the "adverse effects" and to cooperate with all "upcoming national data protection authorities' enquiries and/or investigations. The letter also said that "The reports (about email scanning) are concerning to WP29 and it will be important to understand the legal basis and justification for any such surveillance activity, including an explanation of how this is compatible with EU law and protection for EU citizens".
The Article 29 Data Protection Working Party (WP29) (set up under the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data) has also commented that WhatsApp’s actions have raised questions about the validity of users consent.
EU regulators can impose fines for breaches of community regulations. These fines appears to be derisory however, in comparison to the revenues of the U.S. companies concerned.
The regulators will discuss the Yahoo and WhatsApp cases in November.