The Facebook WhatsApp merger poses serious privacy risks to users, and will require extensive work by the technology giant if it is not to run afoul of GDPR, a data security expert has said.

The plan, which was announced today, will see Facebook merge the underlying systems for Facebook Messenger, WhatsApp and Instagram to allow communication between the services.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

While each of the platforms will remain standalone apps, the project will allow users to send messages to the other platforms without holding accounts with them directly.

“We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private,” said Facebook.

“We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks.”

Privacy concerns over Facebook WhatsApp merger

According to Tim Mackey, technical evangelist at Synopsys, the plan runs the risk of contravening GDPR, meaning Facebook will need to take extensive steps to protect users’ privacy.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

He highlighted the recent Google sanction, which saw French authorities slap the search giant with a €50m fine for breaching data protection law as an example of how large companies can fail to adequately follow data privacy law.

“In their ruling earlier this week sanctioning Google, the French Data Protection Authority (CNIL) highlighted that Google failed to validly obtain user consent under GDPR for user data to be processed,” he said.

“Given the spotty history Facebook have in managing user privacy settings, merging personal information and privacy configurations from three significant applications won’t be trivial.

“Facebook development teams would do well to look at this precedent and prioritise user privacy.

“With the integration project currently expected to take a year to complete, and with end-to-end encryption as part of the plan, we should expect the Facebook engineering teams to focus attention on uniform data security both in their platform and in the apps themselves.”