The Hamburg Commissioner for Data Protection and Freedom of Information has issued an emergency order prohibiting Facebook Ireland Ltd using personal data from the group’s WhatsApp social media platform for its own purposes.
A previously existing notice that WhatsApp messages are not shared on Facebook has been removed, according to the DPA, which says there is no legal basis for Facebook to process data from WhatsApp.
The DPA also argues consent is not freely given because WhatsApp demands acceptance of the new terms as a condition for continued use of the service.
He referred to recent data scandals such as Cambridge Analytica’s use personal information from Facebook users’ profiles and a data leak affecting 533m Facebook users show the extent and threat of mass profiling.
“This concerns fundamental rights and also the possibility of using profiling to influence voter decisions in order to manipulate democratic decision-making processes. With nearly 60m users of WhatsApp, the danger is all the more concrete in view of the upcoming federal elections in Germany in September 2021, which will create a desire to influence voters on the part of Facebook’s ad customers,” he said.
“The worldwide criticism against the new terms of service should give reason to fundamentally rethink the consent mechanism once again. Without user trust, no business model based on data can be successful in the long run,” Caspar commented.
The DPA also said: “The processing of WhatsApp users’ data is also not necessary for Facebook to perform a contract.
“The investigation of the new provisions has shown that they aim to further expand the close connection between the two companies in order for Facebook to be able to use the data of WhatsApp users for its own purposes at any time.”
Because the emergency order is only valid for three months under the EU’s General Data Protection Regulation (GDPR), the Hamburg DPA says it will bring the case to the European Data Protection Board (EDPB) for a binding decision at European level.