Germany’s leading data protection officer for Facebook announced on Tuesday that he would take action against the social network to prevent the collection of personal data from users of its WhatsApp messaging app.
The regulatory authority in the city of Hamburg announced that it had initiated emergency proceedings against Facebook after WhatsApp informed users earlier this year that they would have to agree to new data terms or stop using the service.
“We have reason to believe that the guideline on data exchange between WhatsApp and Facebook is being enforced inadmissibly due to the lack of voluntary and informed consent,” said the Hamburg data protection officer Johannes Caspar.
Caspar, who heads the national supervision of Facebook under the German federal system in Hamburg, said that he had opened a formal administrative procedure “to prevent an illegal mass exchange of data” in order to make a decision before May 15.
A WhatsApp spokesperson said, “Our recently released update includes new options for employees to notify a company via WhatsApp, and provides greater visibility into how we collect and use data.
“By accepting WhatsApp’s updated Terms of Service, users are not consenting to an extension of our ability to share data with Facebook, and the update will not affect the privacy of their messages with friends or family.”
The regulatory measure opens up a new front in Germany with regard to Facebook’s data protection guidelines. The national antitrust authority is already conducting a legal battle over data practices that allegedly reflect an abuse of the social network’s dominance of the market.
Since 2018, online data protection has been subject to a set of rules of the European Union, the General Data Protection Regulation (GDPR). Under the GDPR, Ireland oversees Facebook as the company’s European headquarters are located there.
Caspar said he wanted to freeze WhatsApp’s collection of user data for three months, citing “exceptional circumstances” provided for in the GDPR. The measures can be expanded by the European Data Protection Board, a forum in which regulators from the 27 member states of the bloc are brought together.
