Facebook WhatsApp merger has serious privacy implications for users

By Lucy Ingham

The Facebook WhatsApp merger poses serious privacy risks to users, and will require extensive work by the technology giant if it is not to run afoul of GDPR, a data security expert has said.

The plan, which was announced today, will see Facebook merge the underlying systems for Facebook Messenger, WhatsApp and Instagram to allow communication between the services.

While each of the platforms will remain standalone apps, the project will allow users to send messages to the other platforms without holding accounts with them directly.

“We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private,” said Facebook.

“We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks.”

Privacy concerns over Facebook WhatsApp merger

According to Tim Mackey, technical evangelist at Synopsys, the plan runs the risk of contravening GDPR, meaning Facebook will need to take extensive steps to protect users’ privacy.

He highlighted the recent Google sanction, which saw French authorities slap the search giant with a €50m fine for breaching data protection law as an example of how large companies can fail to adequately follow data privacy law.

“In their ruling earlier this week sanctioning Google, the French Data Protection Authority (CNIL) highlighted that Google failed to validly obtain user consent under GDPR for user data to be processed,” he said.

“Given the spotty history Facebook have in managing user privacy settings, merging personal information and privacy configurations from three significant applications won’t be trivial.

“Facebook development teams would do well to look at this precedent and prioritise user privacy.

“With the integration project currently expected to take a year to complete, and with end-to-end encryption as part of the plan, we should expect the Facebook engineering teams to focus attention on uniform data security both in their platform and in the apps themselves.”