EU DPAs target WhatsApp and Yahoo – 1st step in enhanced enforcement cooperation

The EU Article 29 Data Protection Working Party (WP29) has sent a letter to WhatsApp saying that they have serious concerns regarding the sharing of information within the “Facebook family of companies”. The DPAs say that the Terms of Service and Privacy Policy do not address the data sharing that WhatsApp is introducing. The DPAs request WhatsApp to ‘communicate all relevant information to the Working Party as soon as possible and urge the company to pause the sharing of users’ data until the appropriate legal protections could be assured.’

In another letter to Yahoo regarding the data breach that occurred in 2014 and resulted in a loss of at least 500 million Yahoo! Inc users’ personal details. The DPAs have requested the company to ‘communicate all aspects of the data breach to the WP29, to notify the concerned users of the adverse effects and to cooperate with all upcoming national data protection authorities’ enquiries and/or investigations’.

Both the WhatsApp new Terms of Service and Privacy Policy Update and the Yahoo data breach and scanning of user emails will be discussed at the first meeting of the newly established WP29 enforcement subgroup in November.

WP29 will soon publish its initial guidance on enforcement under the EU General Data Protection Regulation.

The letter to WhatsApp
The letter to Yahoo