A joint Canadian-Dutch probe concluded that mobile messaging service, WhatsApp, breached privacy laws at least in both countries.
The California-based mobile app developer violated "certain internationally accepted privacy principles," mainly in relation to the retention, safeguard, and disclosure of personal data, Canada's privacy commissioner and the Dutch Data Protection Authority (CBP) said in a joint statement, according to a AFP report Tuesday.
The joint probe found that most smartphone users had to grant access to their entire address book in order to use WhatsApp, which was in violation of Canadian and Dutch privacy laws.
The two countries said WhatsApp had taken steps to resolve many privacy issues by implementing recommendations given by the watchdogs, but noted there are outstanding issues which still need to be fully addressed.
In the Netherlands, the CBP said it might take further enforcement action, including sanctions, if it found that WhatsApp continued to breach privacy laws, AFP reported.
Canadian Privacy Commissioner Jennifer Stoddart said the joint investigation was a global first, and marked a milestone in global privacy protection amid an increasingly online, mobile, and borderless world. The privacy commissioner's office in Canada has no enforcement powers, but it said WhatsApp "demonstrated a willingness" to fully comply with the commissioner's recommendations.
For instance, the mobile messaging service provider fixed a vulnerability that allowed a third party to send and receive messages in the name of users without their knowledge. It also introduced encryption to its mobile messaging service after the joint investigation found that messages, sent using WhatsApp's messenger service, were susceptible to eavesdropping or interception especially when sent through unprotected Wi-Fi networks, according to the report.