Protecting personal data is a hot topic for discussion within the European Union. The explosion in popularity of messaging applications such as WhatsApp has only increased users’ fears about what these service operators do with the data collected. At the end of September, the European Commissioner for Competition announced that she would now “keep a close eye” on businesses collecting and using personal data. A proposed regulation on telecoms that would set out the obligations of all such communications has also been published.

Potential new requirements for business that collect data

What happens to data that we share every day on the likes of WhatsApp, Snapchat, Skype, and Facebook? We still don’t really know. And that is the main reason why the European Commission has decided to amend the rules on the telecoms market. Brussels is seeking to class such operators as “electronic communications service providers”. That means they would be subject to the same obligations as traditional operators, and the freedom to sell our personal data would become a distant memory.

The Commission aims to create a new category of “interpersonal communications services”, which would be subject to specific rules. Going forward, the companies affected could be forced to inform the authorities of any violations that “have a significant impact on their operations” and also have a business continuity plan.

Interpersonal communications services are services that enable interpersonal and interactive exchange of information, covering services like traditional voice calls between two individuals but also all types of emails, messaging services, or group chats,” explained the European Commissioner for Competition, Margrethe Vestager. “Companies that use big data have to follow the rules,” she added.

Change in policy causing debate

In early September, the Commission entered into discussions with Facebook, which a few days earlier had announced a change to the confidentiality policy of its WhatsApp messaging application, after acquiring it in 2014. The purchase of WhatsApp prompted a massive outcry, especially from privacy rights groups, which feared that users’ personal data would be misused. Brussels responded that it had only investigated the consequences that the acquisition would have on the online advertising market and it hadn’t looked into the “collection and analysis of data”. Personal data collected by the messaging service is now used to provide users with more targeted advertising on other apps, such as Facebook and Instagram.

 Germany blocks data-sharing between Facebook and WhatsApp

The announcement of Facebook’s new policy was not warmly received in Germany. The Commissioner for Data Protection and Freedom of Information in Hamburg demanded that Facebook stop “the mass synchronization” of data from WhatsApp. It issued an administrative injunction prohibiting Facebook “from collecting and storing any more data from WhatsApp users in Germany”. On top of that, the data already collected from 35 million WhatsApp users in the country must be deleted.

Facebook and WhatsApp are independent companies that process their users’ data on the basis of their own Terms and Conditions and Data Privacy Policies. After the acquisition of WhatsApp by Facebook two years ago, both parties assured that data would not be shared between them. The fact that this is now happening is not only misleading to their users and the public, but also constitutes an infringement of national data protection law,” the data and information commissioner stated. The Commission believes that this agreement has no valid basis in law.

Not just a problem for individuals

We typically think of Facebook or WhatsApp as being used by individuals, but a high number of businesses also use these tools. Using shadow IT or unsecure tools for IT management is a reality in the business world, and we are more than familiar with the security implications. It is vital that companies are aware of the impact that using non-professional solutions can have on their security and business continuity.