Facebook’s WhatsApp plans stumble over EU privacy concerns
Europe’s privacy watchdog says Facebook will probably face ‘additional action’ over using WhatsApp’s data for its own advertising purposes
Luxembourg/Paris: Facebook Inc.’s stalled plans to leverage WhatsApp’s user data are about to hit another regulatory bump in Europe.
Isabelle Falque-Pierrotin, who heads a panel of Europe’s privacy watchdogs, said Facebook will probably face “additional action” over using WhatsApp’s data for its own advertising purposes when the group of regulators meets next month. Facebook has stopped merging some of the messaging service’s data with its own, but not necessarily all of it, she said.
“Looking at the evidence we have, the companies have stopped merging data but possibly not for all WhatsApp services,” Falque-Pierrotin, who also heads France’s data privacy authority CNIL, said in an interview in Paris. “It’s probably a bit more complicated than that.”
The merging of WhatsApp’s data is the first step by Facebook toward monetizing the platform since the social network’s chief executive officer Mark Zuckerberg bought the company for about $22 billion in 2014. The EU’s 28 privacy commissioners, who meet regularly as the so-called Article 29 Working Party, coordinated their actions against Facebook and in their October letter urged the Menlo Park, California-based technology giant to better explain its plans.
“We told them that such a merging of data is not necessarily welcomed,” said Falque-Pierrotin. Facebook didn’t immediately respond to an e-mailed request for comment.
“Data is at the root of what Facebook does—what users do on and off the platform, it uses that data to improve its service and fuel its advertising business,” Debra Aho Williamson, principal analyst at research firm eMarketer, said in a phone interview. “Facebook has been building a business based on advertising using data, and the ability to generate a revenue stream from WhatsApp is part of that.”
Using WhatsApp’s data combined with its own is important to Facebook because it lets the company offer advertisers a single entry into its several platforms—in other words, improve efficiency, Williamson said. But it’s also an opening into new business opportunities, because cross-analyzing data gives advertisers ammunition to better target users on each platform, she said.
“There’s always the spectre of regulation when it comes to targeted advertising, privacy is always lurking in the background as a serious concern,” Williamson said. “Anything that happens on WhatsApp could trickle into the rest of Facebook as it tries to put the data from all its services into one giant data warehouse.”
The companies’ August announcement also triggered renewed questions from the EU’s antitrust watchdog, who had cleared the takeover deal two years earlier.
EU Competition Commissioner Margrethe Vestager has warned that personal data gathered by searches and online behaviour helps pay for web services that people think of as free. Antitrust regulators might see problems if a company holds data that can’t be duplicated by anyone else.
Facebook’s recent suspension of cross-platform sharing of personal data throughout the EU “might be seen as a watershed moment” in European privacy law and regulation, said David Cantor, a Brussels-based lawyer at Telecommunications Law & Strategy. “This, however, is a provisional position, which ensued in reaction to multiple national objections and expressions of concern.”
The case shows that “the only way to address these big companies” is to coordinate actions across Europe, Falque-Pierrotin said.
Since privacy regulators began collaborating in Europe, Falque-Pierrotin said she’s seen “a real change in the behaviour of US technology companies with the EU group and national data protection authorities.”
While European watchdogs’ fining powers remain minimal, in some cases even non-existent, new EU-wide rules will take effect in 2018 that could boost sanctions by any of the bloc’s national regulators to as much as 4% of a company’s global annual sales. The rules have also killed once and for all the argument that European privacy laws don’t apply to US companies, said Falque-Pierrotin.
“That argument is dead and the last word’s been said about how seriously these companies should take European privacy laws,” she said. “But this still needs patience. The stakes are extremely high for the companies and I understand that they’re fighting this with tooth and nail.” Bloomberg