I thought when I signed up to WhatsApp that it was strange it accessed my entire address book. Â Now, the Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority sayÂ this breaches international privacy law.
WhatsApp, one of the world’s top five best-selling apps, is an instant-messaging application for smartphones including Apple’s iPhone and RIM’s Blackberry. Â It provides a free internet alternative to SMS, or text messaging, sending more than a billion messages every day.
According to a press release:
The instant-messaging application requires users to provide access to their complete address book, including users and non-users, the report states. Dutch DPA Chairman Jacob Kohnstamm said, “This lack of choice contravenes (Canadian and Dutch) privacy law. Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp.”
There seems however, to be someÂ controversyÂ over how far a Dutch remit can stretch:
Bird & Bird Partner Gerrit-Jan Zwenne told the IAPPsÂ Daily Dashboard, “Clearly the Dutch DPA thinks it has extra-territorial powers. The implications are far-reaching, as this would be no different for other DPAs in the EU. If this interpretation of EU data protection law is right–many doubt that–all national DPAs could investigate any non-EU-based controller that provides apps to EU nationals.”
In several earlier posts, I have talked about the presumption behind some national regulators and the confusion they cause in the name of bringing clarity. Â This looks like it might be another example…