A European Union privacy watchdog rejected a call by Germany’s lead data protection regulator for an EU-wide ban on Facebook’s (FB.O) processing of personal data from its WhatsApp subsidiary, but told the social network’s lead EU regulator in Ireland to investigate.
The three-month freeze on WhatsApp’s collection of user data could have been extended by the European Data Protection Board (EDPB), a forum that groups regulators from the bloc’s 27 member states.
WhatsApp said in May that the action had no legitimate basis and would not impact the rollout of the update. It welcomed the EDPB’s decision on Thursday and said it will work with the Irish regulator to fully address the questions raised.
The EDPB said on Thursday the conditions to demonstrate the existence of an infringement had not been met and that it decided that no final measures need to be adopted against Facebook.
But it added that due to contradictions, ambiguities and uncertainties noted in WhatsApp’s user-facing information, it was not in a position to determine with certainty which processing operations Facebook was carrying out and in which capacity.
There was also not enough information to establish with certainty whether Facebook had already started to process WhatsApp user data for its own purposes of marketing communications and direct marketing.
It therefore asked Ireland’s Data Protection Commissioner (DPC) to open a statutory investigation as a matter of priority.
The Irish DPC leads oversight of Facebook because the company’s European headquarters are based in Ireland.
It had 14 major inquiries into Facebook and its WhatsApp and Instagram subsidiaries open as of the end of last year.