The Italian Privacy Authority has questioned the California corporation, WhatsApp Inc., owner of WhatsApp Messenger, to clarify key privacy issues to comply with the Italian Data Protection Law.
The WhatsApp application has already been heavily criticized after a joint investigation carried out by the Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority. A joint report recently released stated the app violated privacy laws because users have to provide access to all phone numbers in their address book, including both users and non-users of the app.
In particular, on installation users are asked permission to share their contacts so that the software can identify which of their friends use the service. Once users consent to the use of their address book, all phone numbers from the mobile device are transmitted to WhatsApp to assist in the identification of other WhatsApp users. According to the report, the problem was that the Company did not delete the information of non-users after running the friend-identification check.This contravenes Canadian and Dutch privacy law, pursuant to which personal data may only be retained for so long as it is required for the fulfillment of specific well-defined purposes.
As a result, the Italian Privacy Authority itself, following the example of the Canadian and Dutch Privacy Authorities, has asked the Californian Company to answer several questions such as: what kind of personal data is collected and used when a new user signs up to the app and when the service is provided; how such data is retained and protected; remedies used to prevent third-parties eavesdropping; how long data is retained for and the number of Italian users that use the app.