WhatsApp privacy practices under scrutiny
Canadian and Dutch data protection authorities are saying that WhatsApp, a cross-platform text messaging application, "violates" international privacy laws because it requires users to provide their entire contact list to the service.
The Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority announced on Monday their findings for what they called a "collaborative investigation into the handling of personal information" by the California-based company.
WhatsApp -- available on Apple's iPhone, Android devices and BlackBerry smartphones -- provides a free service to rival text messaging, and sends more than 1 billion messages to users around the world every day.
In a statement, the agencies concluded that the application violated privacy laws in both the Netherlands and Canada because users had to provide access to all of their phone book contacts, including users and non-users of the application.
"The investigation revealed that users of WhatsApp -- apart from iPhone users who have iOS 6 software -- do not have a choice to use the app without granting access to their entire address book. The address book contains phone numbers of both users and non-users," Jacob Johnstamm, chairman of the Dutch Data Protection Authority, said in a statement.
Apple iPhone users running the iOS 6 mobile operating system are asked if they are willing to allow an application to access certain sensitive data on the device, such as location data or, in this case, contact list data.
The two agencies explained that WhatsApp relies on a user's phone number to populate the instant messenger's contacts list. All the user's phone numbers are transmitted to WhatsApp to "assist in the identification of other WhatsApp users." But, rather than deleting the phone number of non-users, WhatsApp allegedly retains the numbers, albeit in an unreadable hash form.
This falls foul of both Canadian and Dutch privacy law, which states that personal data may only be retained for as long as it is required for the fulfillment of a certain service.
"Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp," Johnstamm remarked.
"Our investigation has led to WhatsApp making and committing to make further changes in order to better protect users' personal information," Canadian Privacy Commissioner Jennifer Stoddart said in a statement.
While in breach of Dutch law, and though the Netherlands is a member of the European Union bloc of 27 member states, the mobile app is not thought to have breached wider European data protection law.
The Dutch authority will examine the California-based developer's case in a "second phase" in which "further enforcement actions" may be enacted, including sanctions. While the Canadian authority does not have order-making powers, it will keep a close eye on the company.
WhatsApp did not immediately respond to CNET's request for comment.
This article originally appeared on CNET.
Popular in SciTech
- Amazon proposes a colossal biospherelike Seattle campus
- Weird pirate ant comes with an "eye patch"
- Jennifer Lopez to open Verizon cellphone stores
- Apple's next iPhone may be coming in June
- The 7 weirdest things made by 3D printing
- Google to add Galapagos Islands to Street View
- Watch: Biggest solar storm of the year Play Video
- "God particle": Why the Higgs boson matters