WhatsApp gets a month to solve the ToS problems of consumers in Europe – TechCrunch

WhatsApp gets a month to solve the ToS problems of consumers in Europe – TechCrunch

WhatsApp gets a month to solve the ToS problems of consumers in Europe – TechCrunch

WhatsApp has been warned by European regulators that it still has a month to resolve its confusing terms of service, the Commission said today.

The messaging platform owned by Meta has been investigated by the bloc following a series of consumer protection complaints filed in July 2021 by the Consumer Protection Cooperation (CPC) Network, led by the Swedish National Authority, following complaints from BEUC and some of its member organizations, after WhatsApp attempted to force a controversial update to its privacy policy, which sparked a major backlash from users earlier that same year.

Concerns over WhatsApp’s updated ToS – separately – led a number of EU data protection authorities to issue their own previous warnings.

There is some overlap in these respective regulatory concerns, but the consumer protection complaints accuse WhatsApp of unduly pressuring users to accept changes to the terms and conditions and privacy policy, and object to a lack of clarity in its communications to users – those watchdogs inadequate and confusing.

The Commission said today it followed up on a letter sent to WhatsApp in January about consumer protection complaints with a second letter urging the company to take action to address remaining concerns with its ToS and updates. of the privacy policy; and to “clearly inform” consumers about the business model.

In particular, WhatsApp is being asked to demonstrate how it plans to communicate future updates to its terms of service in a way that makes it easy for consumers to understand the implications of those updates and freely decide whether to accept them. want that. to continue using WhatsApp after those updates,” the Commission wrote in a statement in French [translated with machine translation]† “The company is also being asked to clarify whether it derives revenue from commercial policies related to user data,” it added.

The EU executive said WhatsApp responded to its earlier letter of complaint by claiming it provided users with “the necessary information” about the ToS updates, including through in-app notifications and the support center.

But the Commission’s assessment is that WhatsApp’s communications are still not compliant — criticizing the manner in which the information is provided (“in a persistent manner”) and continuing to rate it as “inadequate and confusing to users” .

“WhatsApp must ensure that users understand what they agree to and how their personal data is used for commercial purposes, in particular to provide services to business partners,” Justice Commissioner Didier Reynders added in a statement. “I reiterate that I expect WhatsApp to be fully compliant with EU rules protecting consumers and their fundamental rights.”

The Commission said WhatsApp has one month to demonstrate to consumer protection authorities across the bloc that its practices comply with EU consumer law.

It’s not immediately clear what can happen if that deadline passes without WhatsApp making the required changes, but the enforcement of consumer protection law is handed over to national authorities – and the Commission is essentially taking on a coordinating role here because it is a cross-border complaint. The likely consequence of continued non-compliance is that WhatsApp risks receiving a series of enforcements at member state level.

Historically, the level of sanctions that national authorities can impose for consumer protection breaches has varied and can be low.

In 2019, however, EU lawmakers supported a modernization of consumer protection rules to introduce more deterrent penalties – especially for issues that cross borders and affect many EU consumers, agreeing at the time that for widespread infringements (as these issue would certainly be assessed, given the widespread use of WhatsApp in Europe), national authorities should be able to impose fines of at least 4% of global annual turnover.

EU member states were required to apply these new rules from May 28, 2022 – so as WhatsApp continues to issue a consumer protection breach warning as of June 2022, the issue should be covered by the enhanced regulation, putting the company on the hook for what could be a fleshy fine if it does not clean up its deed in time.

We reached out to WhatsApp for comment on the Commission’s latest warning – and it sent this statement, attributed to a spokesperson:

“Our 2021 update did not change our commitment to user privacy or the way we use our service, including how we process, use, or share data with anyone, including Meta. We welcome the European Commission’s acknowledgment that we have provided users with the necessary information about our updates, including through in-app notifications and our help center. We are studying the letter from the CPC and will respond in due course.”

The company also pointed to a reorganization of its regional privacy policy it undertook earlier this year, following a major EU data protection sanction – when it also said it had added additional details for people in the European region at the behest of its leading EU government. data protection regulator, the Irish Data Protection Commission (DPC).

Data protection regulators have expressed some similar concerns about WhatsApp’s activities, although the laws involved differ from consumer protection rules; and Ireland’s data protection regulator has long been accused of not vigorously enforcing it against tech giants like WhatsApp’s parent company, Meta.

Last summer, following an intervention by other concerned EU data protection authorities, the European Data Protection Board ordered the DPC to swiftly investigate the sharing of WhatsApp Facebook data, although it is not clear how/whether it will respond to that specific order. has acted.

Last fall, the DPC fined WhatsApp $267 million — for violations of the transparency principles of the EU’s General Data Protection Regulation (GDPR) — even though that investigation dated back to December 2018, which predated the controversial update of the privacy policy that both consumer protection authorities and (other) EU data protection authorities have expressed concerns about, even though Ireland seemed content to accept Meta’s line that there has been no meaningful change in its policy.

In addition, a very long-running complaint against WhatsApp in the EU (dating back to May 2018) has yet to be decided – which focuses on the core issue of what the legal basis is for processing user data for ad targeting purposes, although we understand that the DPC has previously sent a draft decision to other EU DPAs for review (and the opportunity to object), so at the time of writing, the standard GDPR Article 60 consensus-building process remains ongoing.

So a final decision on that four-year+ complaint could eventually come out later this year — with the possibility of another major fine on WhatsApp. Or even an order to stop processing user data for ads, which could have a much more damaging effect on Meta’s adtech business.