DUBLIN (Reuters) - WhatsApp has still not brought forward proposals to address EU regulators’ concerns over the messaging service’s sharing of user data with parent company Facebook, Facebook’s European regulator said on Wednesday.
The popular messaging service changed its privacy policy over a year ago to start sharing users’ phone numbers and other information with Facebook. That drew widespread regulatory scrutiny across Europe, and WhatsApp subsequently suspended the data sharing for EU users.
The Irish data protection authority (DPC) - which has jurisdiction over Facebook because the company’s European headquarters are in Dublin - said last April it hoped to reach a deal with WhatsApp on the data sharing in a matter of months.
With no proposals forthcoming, the DPC said it had maintained its insistence that WhatsApp’s EU personal data not be shared with Facebook for the management of advertising campaigns and product enhancement purposes until it was satisfied there was a lawful basis for doing so.
“At this point the ball is in their court to bring forward what would be a credible process to legitimize the processing and no such options to this point have been presented to us,” Ireland’s Data Protection Commissioner Helen Dixon told Reuters in an interview.
“In fact WhatsApp reconfirmed with us recently that moving into GDPR in May, it would continue to observe the pause on processing of data for these purposes,” she said, referring to the EU General Data Protection Regulation (GDPR) which from May will require firms to give customers more control over their online information.
European Union privacy regulators criticized WhatsApp in October for not resolving the concerns, a year after they first issued a warning.
A spokeswoman for Facebook Ireland was not immediately available for comment.
The DPC also said it was approaching a conclusion in its investigation into a massive 2014 data breach at U.S. Internet company Yahoo - now part of Oath - that led to the theft of data from 500 million users.
Yahoo, whose assets were mostly acquired by Verizon Communications Inc last year, only revealed in late 2016 that hackers had stolen the data in 2014, prompting criticism from U.S. politicians into the delay in notifying customers.
“We’re literally in the final stages of completing that report, it’s very imminent at this stage,” Dixon said, adding the results would be given to Oath and that her office also intended to publish a summary of its findings.
Reporting by Padraic Halpin; Editing by Mark Potter