Popular text message and photo-sharing service WhatsApp violates international principles on safeguarding personal data, the Dutch and Canadian public privacy offices said on Monday.
The two privacy watchdogs carried out a joint investigation into the way WhatsApp handles personal information in what they said is a ‘milestone in global privacy protection’.
The watchdogs identitied three areas of concern, two of which have since been acted upon.
The research found WhatsApp contravenes both Dutch and Canadian privacy law by retaining the entire phone number directory of its users, including those who do not use the service.
In addition, at the time the investigation began, messages were sent unencrypted, leaving them vulnerable to interception, the report said. This has since been changed.
WhatsApp has also strengthened its password generation service, following concerns from the two watchdogs. Users should download the latest version to take advantage of these changes, the report said.
‘We are not completely satisfied yet,’ Jacob Kohnstammn, chairman of the Dutch data protection body CPB, said in the statement. In particular the address book issue contravenes Dutch and Canadian privacy law, he said. ‘Both users and non-users should have control over their personal data.’