How does Facebook share its advertising data

Which data for Facebook? - Confusion with WhatsApp's new privacy policy

After the notice in the app that the privacy policy for WhatsApp is changing, there is confusion about what now applies to users in the European Region. It is clear that the data protection guideline has been revised. Users must agree to the changed terms of use by February 8, otherwise they will no longer be able to use the messenger. According to a Facebook spokeswoman, however, what information WhatsApp shares with other Facebook companies has not changed; this also means that they are shared, but with a qualification.

If you follow the links in the window that pops up, you end up with the terms of use and must first see whether they are those that apply to Europe or outside the European region. That can be selected. The data protection declaration valid in this country is with EWR-Feb. Titled 2021.

Third party vendors and Facebook companies

The section "Third Party Providers" then states that Whatsapp works with third-party providers and other Facebook companies "who help us operate, offer, improve, understand, individualize, support and market our services". And further, that a paragraph below explains how WhatsApp works with other Facebook companies. So the part that has changed according to the message window. If you click on this link again, you will land on the page on which it says again:

"As part of the Facebook company, WhatsApp receives information from other Facebook companies and also shares information with other Facebook companies to promote the safety and integrity of all Facebook company products; z. B. WhatsApp takes action against spam, threats, abuse or rights violations.

WhatsApp also works with and shares information with the other Facebook companies so that they can help us operate, provide, improve, understand, customize, support and market our services."

The restriction follows that the information that WhatsApp passes on to Facebook may not be used for "the Facebook company's own purposes".

A Facebook spokeswoman assured heise online that the data transfer practices in the European Region (including Great Britain) have not changed. "WhatsApp does not share user data with Facebook so that Facebook can use this data to improve its products or advertise." Nevertheless, every user must agree to the change in the data protection guideline - and thus also to the transfer of data. The terms of use do not mention that users have so far been able to at least partially prevent the exchange of information. It is questionable whether this option will be retained in the settings.

The Hamburg data protection officer, Johannes Caspar, is currently examining the matter. He had already sued against the merging of data from the Facebook companies.

[Update 01/08/2021 1.30 p.m.] Johannes Caspar is extremely critical of the approach taken by WhatsApp and Facebook. The data protection officer initially states that since the GDPR came into force, the Irish data protection authority has been responsible. Previously, Caspar had issued an injunction to prohibit data merging against Facebook in a proceeding.

According to Caspar, the European version of the data protection guidelines is by no means harmless. "Although it is stated that no information that WhatsApp passes on is used for their own purposes by the Facebook company. At the same time, there is a reference to the fact that WhatsApp shares information with other Facebook companies, among other things in order to improve, provide and deliver services market." Data may therefore be passed on without restriction within the group. The FAQ then explains that Facebook receives telephone number, device information and other usage information from WhatsApp in order to provide analysis services. This explicitly includes people who are not on Facebook at all, but only use WhatsApp. "The fact that their data ends up on Facebook is problematic and requires an in-depth investigation, which the Irish supervisory authority has been responsible for carrying out since the GDPR came into force."

Data protection guidelines on Facebook in contradiction

There are also regulations for the cross-service exchange of data in Facebook's data protection guidelines. The aim is to find out how people use products from Facebook companies and interact with them. "For such analysis purposes, not only is the legal basis of data processing in the group highly questionable. It also turns out that WhatsApp's assurance that the data will not be used for the Facebook company's own purposes is at least contradictory against this background."

Caspar says: "The information that the user receives about cooperation and data exchange within the group is extremely indeterminate and non-transparent. Facebook's goal of using user data across companies cannot be achieved through a group privilege that the GDPR does not knows, nor can be justified by the consent of the user. At least not if the user has no choice but to agree to the data protection guidelines or to accept deletion of the account. We will again contact the supervisory authority in Ireland in relation to this issue Set connection."

[Update 01/11/2021 9:50 am] The guidelines apply to the European region, not just the EU.


Read comments (161) Go to the homepage


Don't miss any news! Every morning the fresh news overview from heise online