The popular Facebook-owned instant Messaging App, Whatsapp, has not been operating within the terms of France's Data Protection Act. The company has been warned by CNIL (the French Data Protection Authority) to get in line with French privacy law within one month. "If Whatsapp doesn't comply, it could sanction the company," a report by Daily Mail stated.

Whatsapp shares user info without consent

According to the French regulator, Whatsapp has been sharing users' phone numbers with Facebook for "business intelligence" purposes, without properly obtaining users' consent. There is no way to refuse this transfer of information.

This began in August of 2016, when Whatsapp started sharing certain information with Facebook. The app claims that this change was intended to improve user experience and combat spam and abuse. It also shows more relevant ads and friend suggestions. This has been concerning to the European Union privacy officials since the changes took place, as they had a sneaking suspicion that users' data was being used for purposes not stated in the Terms Of Service and privacy policy.

Whatsapp avoids sending a sample of users' data being shared

The CNIL has repeatedly requested a sample of French users' data being shared to Facebook, but Whatsapp has ignored the requests, stating that they're not subject to comply with French law, as the company is based in the United States. The French data protection authority states that they made this formal notice public "to ensure the highest level of transparency on the massive data transfer from Whatsapp to Facebook."

The company has stated that privacy is very important to them, which is why they "collect very little data and encrypt every message" (according to a report by Bloomberg).

It seems that Whatsapp plans on complying with the terms, as they explained in an emailed statement, "We will continue to work with the CNIL to ensure users understand what information we collect, as well as how it's used".

You would think that a company of this size would have the forethought to include all the relevant details in their terms of service, especially after the European Union privacy officials have made their concerns known. Why refuse to send a sample to the CNIL? Is Facebook standing their ground and protecting their own rights to privacy against the EU and the CNIL, or do they have something to hide?