8th Newsletter -> 26 August - 1 September 2016

Outrage over Whatsapp change of Privacy Policy

The WhatsApp messaging app has updated their privacy policy, which now permits connection of Facebook accounts to WhatsApp accounts for the first time. This gives Facebook, the company that acquired WhatApp in October 2014 for $22 Billion, more data about the users, which has sparked many privacy concerns. The very contents of WhatsApp messages are still end-to-end encrypted but Facebook will be able to gather information about users' phones and operating systems as well as their phone numbers.

WhatsApp released a statement regarding the updates to their privacy policy in a blog post. They state that closer cooperation with Facebook will allow tracking basic metrics about how often people use their services and better fight spam on WhatsApp. They also acknowledge that the main reason for phone number sharing is marketing and advertising since Facebook will be able to show more relevant ads to the users.

Read more HERE

Read the full WhatsApp announcement HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

UK Information Commission’s Office response

The Information Commissioner has responded to changes WhatsApp and Facebook are making to how they handle customers’ personal data. Information Commissioner Elizabeth Denham stated that the changes WhatsApp and Facebook are making will affect a lot of people. She continued that while it is not obligatory for the organisations to obtain prior approval from the ICO to change their approaches, they need to stay within data protection laws. The ICO will further investigate the matter.

Read the full ICO statement HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

FTC Complaint

In the US The Electronic Privacy Information Center (EPIC) have filed a formal complaint with the US Federal Trade Commission, accusing Facebook of violating Section 5 of the Federal Trade Commission Act (Unfair or Deceptive Acts or Practices). The main reason behind the complaint were the promises that WhatsApp made with regard to their data collection practices. At the time of the acquisition Jan Koum, co-founder of WhatsApp,  promised that the app would keep privacy at the heart of its operations under Facebook. But the recent update to the privacy policy presents a significant change to these practices. EPIC believes that the FTC has an obligation to protect WhatsApp users, because their personal information should not be incorporated into Facebook’s sophisticated data driven marketing business

Read more HERE

Read the whole complaint HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

First Month of Privacy Shield Operations

U.S. Department of Commerce (DoC) has commenced the EU-U.S. Privacy Shield certification on 1 August 2016 and has been verifying that privacy policies of US organisations comply with the data protection standards required by the Privacy Shield. After the first month 103 organisations have been verified by the DoC, meaning they are thus certified to receive personal data from the EU in full compliance with EU data protection rules. 

Currently the DoC is reviewing 190 more privacy policies of organisations that have signed up to the Privacy Shield and around 250 organisations are in the process of submitting their application for certification. It is interesting that approximately a third of organisations already certified have chosen EU Data Protection Authorities as their dispute resolution body. This will provide individuals with an accessible way to obtain redress in situations where they consider their data has been misused and their data protection rights have not been respected. Věra Jourová, the EU Commissioner for Justice, Consumers and Gender Equality, stated that she is pleased that so may organisations have already signed up for the Privacy Shield in the first month and she encourages others to do the same in order to ensure that EU citizens can have full confidence in the protection of their personal data when transferred to the U.S.

Read more HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

Google signs up for the To EU-US Privacy Framework

Google, following Microsoft and Salesforce, has also decided to seek compliance with the Privacy Shield Framework. In a statement they noted that Google has committed to applying the Privacy Shield’s principles and safeguards to EU-U.S. transfers of personal data, by default. Caroline Atkinson, head of global public policy at Google, has written in her blog that Google is committed to applying the protection of the Privacy Shield to personal data transferred between Europe and the United States. 

Read more HERE

Read Google’s full statement HERE

Read Ms. Atkinson’s full blog post HERE

_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________