Privacy Commissioner Finds (Parts Of) an App to Violate Privacy Principles

Yesterday, a news release by the Office of the Privacy Commissioner of Canada (OPC) informed the public of its recent findings following an investigation into the WhatsApp, also known as WhatsApp messenger (the report of findings can be read here). For the OPC, this investigation is a first in that is was done in collaboration with the Dutch Data Protection Agency.

WhatsApp is a cross is a “cross-platform mobile messaging app”, as described on its website. The investigation looked into whether or not the application contravened certain Principles of the Personal Information and Electronic Documents Protection Act. Among other things, as reported in the news release, the OPC found that:

Once users consent to the use of their address book, all phone numbers from the mobile device are transmitted to WhatsApp to assist in the identification of other WhatsApp users. Rather than deleting the mobile numbers of non-users, WhatsApp retains those numbers (in a hash form). This practice contravenes Canadian and Dutch privacy law which holds that information may only be retained for so long as it is required for the fulfilment of an identified purpose.

According to the report, the corporation is taking steps to comply with many of the recommendations and a number of the issues have already been resolved. 

Given the fast paced development of applications, do the OPC’s conclusions surprise you? Will such an investigation and report influence whether people use this application or not?

Comments are closed.