German authorities invoke GDPR to halt WhatsApp's privacy policy implementation
What's the story
WhatsApp's privacy policy update that's scheduled to come into effect on May 15 has hit a roadblock in Germany. On May 11, the regulators issued an order on Facebook, thereby barring it from accessing personal data belonging to WhatsApp users.
We had previously reported how German authorities initiated proceedings to stop WhatsApp's policy implementation.
Read on for more insight on the recent development.
Rapid refresher
After deadline, WhatsApp will restrict features to enforce policy update
In case you haven't heard, after May 15, Facebook will gradually deny those who decline the updated privacy policy from accessing WhatsApp's essential messaging and calling features.
WhatsApp had previously deferred the policy implementation deadline until May 15 following global backlash.
WhatsApp's parent company plans to eventually tie the messaging service to Facebook Messenger.
No legal basis
German authorities invoked GDPR urgency procedure to stop Facebook, WhatsApp
On May 11, a press release from Hamburg's Commissioner for Data Protection and Freedom of Information (DPA) explained that Facebook Ireland Ltd. had been prohibited from processing personal data from WhatsApp with immediate effect under the European Union's General Data Protection Regulation (EU GDPR).
The release declared that upon evaluation, the commissioner found no legal basis for Facebook to process the data in question.
Strong-arm tactics
Hamburg DPA found WhatsApp's and Facebook's data exchange policies misleading
The document observed that the provisions for data exchange between WhatsApp and Facebook are "scattered" across the privacy policy, unclear, misleading, hard to distinguish in European and International versions, and show significant contradictions.
Additionally, WhatsApp's strong-arm tactics involving refusal of service to those who don't accept policy changes and the ambiguity surrounding the consequences of acceptance were highlighted in the press release.
German elections
Hamburg DPA commissioner highlights threat to elections by mass profiling
AndroidCentral reported that Hamburg's Commissioner for Data Protection and Freedom of Information Johannes Caspar's aim was to "prevent disadvantages and damage associated with such a black-box procedure."
Caspar said that Facebook's recent data breach and the Cambridge Analytica scandal "show the extent and threats of mass profiling."
Referencing Germany's upcoming election, Caspar added that profiling could be used to manipulate democratic decision-making processes.
Misunderstanding?
GDPR's procedure can hold off Facebook for three months only
Further, TechCrunch reported that a majority of users have already complied with WhatsApp's new terms although Facebook didn't disclose statistics.
A WhatsApp spokesperson disputed the German regulators' decision, calling it a "fundamental misunderstanding of the purpose and effect of WhatsApp's update"
Notably, the German regulators have invoked the GDPR's urgency procedure which can keep WhatsApp's predatory policy update at bay only for three months.
Against the law
WhatsApp's statement suggests Facebook won't comply with German DPA's order
WhatsApp's spokesperson regurgitated policy clarifications the company circulated earlier before adding that "as the Hamburg DPA's claims are wrong, the order will not impact the continued roll-out of the update."
This suggests that Facebook doesn't intend to comply with the DPA order.
It would be interesting to observe how the European Data Protection Board, the Hamburg DPA, and Facebook arrive at a solution.