Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
WhatsApp faces Italian scrutiny over privacy-policy changes in addition to US, India, Australia
14 January 2021 17:29 by Matthew Newman
WhatsApp’s controversial privacy-policy changes have now drawn the scrutiny of Italian regulators alongside officials in the US, India and Australia.
The changes — which apply to chats with businesses and not to private conversations with friends and family —have sparked a backlash from users and calls to boycott the app, and millions have reacted by switching to rivals Signal and Telegram.
WhatsApp's policy change, which included sharing of data with other companies in the Facebook group, has now prompted the Italian Data Protection Authority to intervene "as a matter of emergency," and to refer the issue to the European Data Protection Board, the umbrella group of EU data watchdogs.
The Italian authority said the policy changes “are unclear ... and must be carefully evaluated in light of the regulations on privacy.”
Italy is joining regulators and lawmakers around the world in expressing concern.
While the change is seen as much less sweeping than the one Facebook made in 2016, when it began requiring WhatsApp users to share their phone number and other personal data with Facebook, the Italian authority said users didn't have clear information.
"It is not possible for users to understand what changes have been introduced, nor to clearly understand which data processing will actually be carried out by the messaging service" after Feb. 8.
“This information does not therefore appear suitable for allowing WhatsApp users to express their free and aware will” to data process, the authority said, adding that it “reserves the right to intervene, as a matter of urgency, to protect Italian users and to enforce the rules on the protection of personal data.”
Under the EU’s General Data Protection Regulation, companies must provide information about data processing in “a concise, transparent, intelligible and easily accessible form, using clear and plain language.” The rules also require that users provide their “informed and unambiguous” consent to data processing.
Under the revised policy, businesses have the option to use "secure hosting services from Facebook to manage WhatsApp chats with their customers, answer questions, and send helpful information like purchase receipts," WhatsApp said.
“Businesses may send you transaction, appointment, and shipping notifications; product and service updates; and marketing,” the company said. “For example, you may receive flight status information for upcoming travel, a receipt for something you purchased, or a notification when a delivery will be made.”
Will Cathcart, the head of WhatsApp, responded to questions about the policy change last week. The goal was “to be transparent and to better describe optional people-to-business features, he said.
“It's important for us to be clear this update describes business communication and does not change WhatsApp’s data sharing practices with Facebook. It does not impact how people communicate privately with friends or family wherever they are in the world."
Facebook said it's reviewing the Italian authority's announcement.*
"We want to be clear that the policy update does not affect the privacy of your messages with friends or family in any way or require Italian users to agree to new data-sharing practices with Facebook," the company said in an e-mailed statement.
"Instead, this update provides further transparency about how we collect and use data, as well as clarifying changes related to messaging a business on WhatsApp, which is optional. We remain committed to providing everyone in Italy with private end-to-end encrypted messaging,” Facebook said.
*Updates at 20:18 GMT Jan. 14, 2021 with comments from Facebook.
24 June 2022 06:27 by Laurel HenningStanding between insurers and the unimpeded use of data collected by a smart watch is industry regulation
23 June 2022 15:37 by Sam ClarkEU-based websites mustn't use Google Analytics because of rules against transferring personal data to the US, the Italian privacy watchdog ruled.