Alex Hern 

EU data watchdog raises concerns over Facebook integration

Irish commission that regulates site requests urgent briefing on platforms merger
  
  

A mobile phone with Facebook, Messenger, WhatsApp and Instagram apps
Facebook says its plan will make it easier to reach friends and family across networks. Photograph: Samuel Gibbs/The Guardian

Facebook’s plan to merge WhatsApp, Instagram and Facebook Messenger could raise significant data protection concerns, according to the Irish commission that regulates the social network in the EU.

The Data Protection Commission has asked for an urgent briefing with Facebook Ireland so it can assess the proposals, it said in a statement. “The Irish DPC will be very closely scrutinising Facebook’s plans as they develop, particularly insofar as they involve the sharing and merging of personal data between different Facebook companies.

“Previous proposals to share data between Facebook companies have given rise to significant data protection concerns and the Irish DPC will be seeking early assurances that all such concerns will be fully taken into account by Facebook in further developing this proposal. It must be emphasised that ultimately the proposed integration can only occur in the EU if it is capable of meeting all of the requirements of the GDPR.”

Facebook’s only previous attempt to merge WhatsApp with its wider business was shot down in the European Union due to data protection concerns. In March 2018, the UK information commissioner (ICO) ruled it would be illegal for the company to carry out a plan, paused in 2016, to share personal data between the two services in order to improve targeted advertising on Facebook.

The ICO’s investigation found “WhatsApp has not identified a lawful basis of processing for any such sharing of personal data” and that “if they had shared the data, they would have been in contravention of the first and second data protection principles of the Data Protection Act”.

Following that ruling, WhatsApp entered a voluntary commitment that, if it did decide to share data, it would only do so in accordance with the requirements of GDPR, the pan-European data regulation, and working with the Irish data protection commissioner.

Under GDPR, a company may designate one national regulator as its “lead supervisory authority”, to prevent it having to deal with 28 separate regulators; for Facebook, Ireland’s DPC takes that role.

Facebook has not given a timescale on its plans to merge the three networks, but has confirmed it is “considering ways to make it easier to reach friends and family across networks”. The plans, first reported by the New York Times, would see the three apps continuing to operate independently, but with a merged back-end that would allow messages to be sent between users of different services.

 

Leave a Comment

Required fields are marked *

*

*