WhatsApp plus Facebook, what data protection issues?

Adding 450 million monthly users to 1.3 bn monthly users costs $19 bn according to Facebook, but also means that the buyer will be able to know about (and benefit from) much more information on its users to be potentially used for advertising purposes. This is what advertisers might be thinking about, but this might be also the concern of the Canadian, the Dutch and the Italian data protection authority that investigated on WhatsApp in 2013.

Indeed, WhatsApp had been questioned last year about the types of data collected, their modalities of usage and storage as well as the measures implemented to prevent third parties to access to them. But data protection issues caused a troubled year also for Facebook that was obliged to pay $20 million to settle a dispute in California.

The value of the WhatsApp deal and these recent disputes confirm that the real asset in the next years will be given by big data, better if they are collected through mobile devices or wearable technologies. However, the issue is whether data protection regulators should loosen privacy law restrictions in order to foster the growth of these technologies which might also lead to benefits to users or strengthen the privacy related protections also in the light of the recent scandals occurred in the US.

In this perspective the European Parliament voted in October 2013 for stricter data protection regulations backing up the draft regulation that had been discussed for the last 2 years and provides now, among others, fines up to EUR 10 million or up to 5% of the annual worldwide turnover whichever is greater.

The regulation will eventually introduce a unique set of data protection laws applicable all across the European Union while at the moment the inconsistencies in the implementation of the EU Privacy Directives represent a major cost for multinational companies and the goal for the European Parliament is to give the final approval by May 2014, but someone doubts about the feasibility of such timeframe. However, once adopted this will represent a major change for not only European companies but also international companies offering their services in the European Union from wherever they are located since they shall comply with European standards of privacy.

Again the question is whether this change is for better or will cause a competitive disadvantage for Europe preventing or at least delaying some investments in the region. We will monitor the matter, but in the meantime feel free to contact me, Giulio Coraggio (giulio.coraggio@dlapiper.com), to discuss. Also follow us on Google+, in our IPTitaly group on LinkedIn and on Twitter.