The Chair of the National Data Protection Commission (CNIL) had asked WhatsApp to provide a sample of the French users’ data transferred to Facebook.
“The company explained that it could not supply the sample requested by the CNIL since it is located in the US, it considers that it is only subject to the legislation of this (US) country,” CNIL posted on its website late on Monday.
“As a result, the Chair of the CNIL decided to issue a formal notice to the company WhatsApp to comply with the Data Protection Act within one month,” it added.
Facebook acquired WhatsApp in 2014.
“While the security purpose seems to be essential to the efficient functioning of the application, it is not the case for the ‘business intelligence’ purpose which aims at improving performances and optimising the use of the application through the analysis of its users’ behaviour,” noted Chair of the CNIL.
The watchdog considered that the data transfer for “business intelligence” purpose is not based on the legal basis required by the Data Protection Act for any processing.
It then decided to send a formal public notice in order to ensure the highest level of transparency on the massive data transfer from WhatsApp to Facebook Inc. and, thus, to alert to the need for individuals concerned to keep their data under control.
This is not the first incident where WhatsApp-Facebook data sharing has been condemned.
Germany has also ordered Facebook to stop collecting data from WhatsApp users.
After repeated criticism, Facebook also agreed to stop collecting WhatsApp user data in the UK.