Dutch DPA: WhatsApp non-users better protected
WhatsApp offers additional protection for non-users following the conclusion of the Dutch Dataprotection Authority’s (Dutch DPA) investigation. WhatsApp now processes telephone numbers of non-users in another way and has also changed the way it stores these data. According to the Dutch DPA, by doing so the company now has a legal basis to process these data.
In January 2013 the Dutch DPA released a report regarding its investigation of the processing of personal data by WhatsApp together with the Canadian privacy authority OPC. The Dutch DPA at that time concluded that WhatsApp for its service also was permitted access by the user to telephone numbers of non-users in his or her mobile phone address book.
In the subsequent phase of this investigation, WhatsApp explained that it is not technically possible to offer its service without its users uploading the telephone numbers in their mobile phone address books including those of non-users. It has taken a number of measures in cooperation with the Dutch DPA. These measures ensure that WhatsApp processes telephone numbers of non-users to allow WhatsApp users to find and contact each other and not for other purposes.
The company has taken security measures appropriate for its service that will have the effect that telephone numbers of non-users are processed technically in a way (‘hashed’) that the possibility for other uses are limited. Moreover, these ‘hashed’ telephone numbers of non-users will be stored separately. Only a limited number of engineers have access to this data. To confirm these measures, WhatsApp will have an external review carried out.
WhatsApp disputes the Dutch DPA’s jurisdiction in this matter, but has cooperated with the investigation.
News message / 28 January 2013Canadian and Dutch data privacy guardians release findings from investigation of popular mobile app