On February 19, 2014, Facebook bought WhatsApp for $19 billion. Mark Zuckerberg described WhatsApp’s acquisition as “incredibly valuable”. In fact, WhatsApp has more than 450 million monthly users and it is adding more than 1 million new registered users a day. By entering into this agreement, Facebook has acquired a wide database of information.

So now, which are the implications for privacy of WhatsApp’s end users, taking account that Facebook has already showed its limits regarding the protection of personal data?

In this regard, on July 2, 2013, the Italian Data Protection Authority required Facebook to provide with information regarding six million of personal data of Facebook users, which have been unlawfully communicated to third parties; and take security measures, giving end users the possibility to take position against the processing operation concerning their personal data.

Previously, on May 2010, the Article 29 Working Party arose issues related the right of end users’ social networks to have and maintain the control of access to their data profile, by means of a letter addressed to Facebook. The Article 29 Working Party complained about the continuous changes of the default settings on its social-networking platform causing the detriment of a user and emphasized the need for a default setting in which access to the profile information and information about the connections of a user is limited to self-selected contacts. In addition, on July 13, 2011, the Article 29 Working Party adopted an opinion addressed to social networks regarding the concept of consent as a legal basis for the processing of personal data. The opinion highlighted the need of a free and informed consent of end users, under EU data protection law.

However, even WhatsApp Inc. has been investigated by the Italian Data protection Authority on February 27, 2013. The Italian Authority required it to give an explanation regarding its use of personal data of Italian end users. The investigation was executed in accordance with the results of survey provided by the Office of the Canadian Privacy Commissioner and the Dutch Data Protection Authority regarding the application developed by the company.

So far, we do not if and how Facebook will protect personal data of WhatsApp’s customers. Jan Koum, reassured its users that “Here’s what will change for you our users: nothing”. In fact, Koum affirmed that messages, once sent, are cancelled by WhatsApp Servers and, therefore, the application shall continue to protect personal data.

However, after the acquisition, WhatsApp’s server went down and it is not still clear, how this event may have effected privacy and security of end users’ personal data.