Companies that use WhatsApp to communicate with their clients risk being sanctioned as the popular app gets labeled “insecure” due to serious data sharing issues. As the GDPR is just around the corner, regulating authorities are tightening data protection measures all around Europe – and they have some legitimate reasons to do that.
Security concerns arose after it was discovered that WhatsApp, which was acquired by Facebook in 2014, is sharing data with the social media platform without explicitly informing users or giving them the option to decline this exchange.
This news comes as another hit to the reputation of Facebook, which is still trying to recover after the recent Cambridge Analytica scandal, in which the data of over 50 million Facebook profiles got leaked and used to favor Trump’s election.
European countries are tightening security measures before the GDPR
With the upcoming implementation of the General Data Protection Regulation in May 2018, European countries are tightening security measures and conducting numerous investigations to ensure that local privacy laws are respected.
A few days ago, the Spanish regulator AEPD (Agencia Española de Protección de Datos) imposed penalties of over €600,000 on Facebook and WhatsApp for illegal data sharing. The regulator states that the popular app is not secure, as users are unaware of their data being exchanged with Facebook. According to the investigations, new users are forced to accept these conditions for “improved user experience” if they want to install the app.
But Spain is not the only case. Last year, the French data protection authority CNIL issued an order requiring WhatsApp to comply with local privacy laws within one month or risk being sanctioned. According to CNIL, WhatsApp did not have the legal basis to share user data with Facebook, and it violated its obligations to cooperate with French authorities.
In 2016, Germany ordered Facebook to stop collecting and storing data on 35 million German WhatsApp users, as it constitutes “an infringement of national data protection law”. According to Johannes Caspar, the Hamburg data protection commissioner, “Facebook has to ask for users’ permission in advance. This has not happened”.
A year later, Italian authorities imposed a €3 million fine on WhatsApp for the very same reason. After a thorough investigation, they discovered that WhatsApp was misleading users into believing that they would not be able to continue using the service unless they agreed to give their personal data to Facebook. The fine was lower than the maximum €5 million penalty that could have been imposed for this type of breach.
Facebook gets fined €110 million for misinforming European regulators
In 2017, the European Commission fined Facebook €110 million for providing misleading information about the WhatsApp acquisition, stating that the social media company misinformed European regulators regarding data sharing. During the acquisition, Facebook claimed that it would not have the technical possibility to link profiles between Facebook and WhatsApp. However, two years later, it was announced that WhatsApp would be sharing some user data, such as phone numbers, with the 2-billion-user social platform.
Companies that use WhatsApp also risk sanctions
Although WhatsApp is the company responsible for breaching data protection laws, the sanctions do not end there. Because of the risk of data security breaches, companies that use the app as a communication channel with their clients may also face serious penalties.
Once the GDPR is implemented, companies that use WhatsApp for business purposes might face a €20 million fine, or up to 4% of the total worldwide annual turnover.
How to communicate with your customers without getting fined
A lot of companies don’t think about identifying or fixing security issues until a breach happens. For this reason, a lot of small and medium-sized businesses rely on WhatsApp for more convenient and faster communication with customers.
Unfortunately, the quantity of data handled by social media apps and platforms, as well as their obvious vulnerabilities, is enough to tempt hackers into initiating cyber attacks that cause million-dollar breaches. To this day, communication via landline and mobile phones remains the most secure method for companies, as long as it is in compliance with the corresponding security standards.
Under the European regulations GDPR and MiFID II, both of which take effect this year, companies across various industries will be obligated to record and store their calls for security purposes.
To help businesses avoid fines that may reach and exceed 20 million euros, Cloud Worldwide Services developed Recordia – a cloud-based pay-per-use solution that lets you record, encrypt, and store office interactions in compliance with the European regulations GDPR and MiFID II. With its logging and auditing system, you will be able to know at any time who accessed the calls, what devices were used, and at what moment – complying with the requirement for traceability of the GDPR.
For more information, visit the page of Recordia, and do not hesitate to contact us!