The saying that if you aren’t paying for the product then you are the product has become relevant again this week. As technology firms like Google, Facebook and Roomba accumulate more information about users, the debate about how society can protect the public’s privacy is clearly building up a head of steam. Indeed, how firms deal with data is one of the cornerstones of the EU’s upcoming General Data Protection Regulation (GDPR), which will come into effect next year. However, that isn’t the only way Brussels aims to safeguard people’s privacy, as WhatsApp has discovered.
The messaging app was reprimanded this week for doing too little to resolve concerns about the platform sharing user data with its parent company Facebook. The EU first raised its concerns in 2016 when WhatsApp began to share information like users’ phone numbers and other data with Facebook. While WhatsApp responded to the pressure and ceased sharing the data for EU users, the EU doesn’t think the app has done enough.
On Tuesday, the Article 29 Working Party (WP29), a group of EU data-protection authorities, increased the pressure on the tech company by sending a letter to WhatsApp arguing that the information given to users was “seriously deficient as a means to inform their consent”. The letter, released to the public on Wednesday, argued that WhatsApp hadn’t done enough to inform users that clicking the agree button would mean that their personal data would be shared with Facebook. Additionally WP29 argued that users’ consent wasn’t freely given as WhatsApp effectively adopted a “take it or leave it approach in which users either signal their `consent’ to the sharing of data or [they would be] unable to avail themselves of WhatsApp’s messaging service.”
Given that the GDPR specifically targets questions concerning how companies use and store the information they gather about users, it’s safe to say that the last word has not been spoken in the debate about big data in the digital age.