recent work

What’s App

WhatsApp’s mobile messaging service used by hundreds of millions of customers worldwide breached privacy laws in at least two countries reports, a leading web-based science, research and technology news service, in a joint Canadian-Dutch probe. The California-based mobile app developer violated “certain internationally accepted privacy principles, mainly in relation to the retention, safeguard, and disclosure of personal data,” Canada’s privacy commissioner and the Dutch Data Protection Authority (CBP) said in a joint statement. WhatsApp has taken steps to resolve several privacy issues by implementing many of the privacy watchdogs’ recommendations. “However, outstanding issues remain to be fully addressed,” the watchdogs said.
The coordinated Canadian-Dutch investigation is a global first, and “marks a milestone in global privacy protection” in an “increasingly online, mobile and borderless world,” noted Canadian Privacy Commissioner Jennifer Stoddart. The joint probe found that most mobile smartphone users did not have a choice to use WhatsApp’s messaging app without granting access to their entire address book, in violation of Canadian and Dutch privacy laws.
In the Netherlands, the CBP said it may take further enforcement action, including sanctions, if it finds that WhatsApp continues to breach privacy laws. The privacy commissioner’s office in Canada has no enforcement powers but said WhatsApp has “demonstrated a willingness to fully comply with (its) recommendations.” The company, for example, has fixed a vulnerability that allowed a third party to send and receive messages in the name of users without their knowledge. It also recently introduced encryption to its mobile messaging service after the Canada-Dutch investigation revealed that messages sent using WhatsApp’s messenger service were prone to eavesdropping or interception, especially when sent through unprotected Wi-Fi networks.

At the end of January, WhatsApp proved how easy it is for a well-established company to fall prey to privacy breaches, after Canadian and Dutch data protection agencies accused it of retaining data on non-users without consent. The popular app had gone years in business without this being drawn to anyone’s attention, and without any penalties being brought. However, according to Daniel Cooper, head of global privacy and data security at Covington and Burling, it’s a trap many companies will have fallen into, as we will see in the future: “I suspect that these breaches are much more common than we think, with many businesses not paying due attention to their data collection practices when developing or deploying their services,” he told “Many companies simply collect data, despite having no clear business need for it, on the basis that it may be useful in the future.” The argument here being liability caused by ignorance, is one that was raised with the cookie policy, and one that will be brought to the European Commission by the ICO later this year if Graham’s comments are anything to go by.