WhatsApp and Facebook have this week been asked by privacy watchdogs to stop sharing data between them until it's clear that privacy rules and obligations have not been, and are not being, broken.
Leaving aside the names of the companies involved, it's a good example of the perils that can lie in the integration of companies following an acquisition, and the inevitable moves to amalgamate and share data. Attention must be given to the privacy policies that apply to the various data sets, and what those data subjects involved were told as to how their data would be used after collection.
It's also an appropriate story given the Information Commissioner's recent movements to:
- remind companies of their data protection obligations as we move towards the roll out of the General Data Protection Directive in 2018 (unlikely to be too impacted by Brexit)
- emphasise the need for transparency in privacy notices, and to not assume that one size fits all for all channels through which data is collected.
The ICO's code of practice can be found here https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/. It's worth a read, particularly in respect of the emphasis to consider the new and innovative ways in which data can be collected about end users.