Current: Are WhatsApp's new terms of use compliant with data protection?

WhatsApp plans to revise its rules on May 15, 2021. In it, the powers for data processing will be renewed and expanded. What WhatsApp presents as a small formality is quite questionable in view of the GDPR.

If WhatsApp were to collect the data of its users (personal data within the meaning of the GDPR) to the parent company Facebook, which may be facilitated by the new regulations (at least according to the Hamburg Commissioner for Data Protection, Prof. Dr. Johannes Caspar), there should be a legal basis for this.

Consent

The Group could focus on the Consent of the users (Art. 6 I lit. a GDPR), which he is currently trying to obtain.

According to Caspar, however, there is a lack of transparency in this regard. The user's consent is not given in an informed manner. The voluntary nature of the consent is also very limited, since the scope of use is to be restricted step by step if consent is refused, even though consent is not required for the usage options offered to date.

Legitimate interest

However, the Group may have a legitimate interest within the meaning of Art. 6 I lit. f DSGVO.

Caspar emphasizes at this point that this is not the case. Rather, the interests of the users are more important.

Follow

Caspar initiated an urgent procedure in accordance with Art. 66 I GDPR. This lasted for three months. As part of this, he issued an order against the Group prohibiting personal data of WhatsApp insofar as this is done for our own purposes. Immediate enforcement was ordered. The reaction to this (also on the part of the actually responsible Irish authority) remains to be seen.

For further information, the press release of the Hamburg Commissioner for Data Protection and Freedom of Information of 11.05.2021 is recommended.