In a joint investigation with the Dutch Data Protection Authority, the Office of the Privacy Commissioner of Canada(OPC) found that WhatsApp, a popular multi-platform messaging app, violated both countries’ privacy laws by indefinitely storing users’ address books on all operating systems but Apple’s iOS6.
“The investigation revealed that users of WhatsApp – apart from iPhone users who have iOS 6 software – do not have a choice to use the app without granting access to their entire address book. The address book contains phone numbers of both users and non-users. This lack of choice contravenes (Dutch and Canadian) privacy law. Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp,” claims the Chairman of the Dutch Data Protection Authority, Jacob Kohnstamm in a press release issued today.
The bureaus have worked with WhatsApp to ensure changes will be made to the app on platforms such as Android, Windows Phone and BlackBerry OS to better protect users’ sensitive information. They found that WhatsApp indefinitely stores users’ phonebook data in hash form which, with the right tools, could be decrypted. Canadian law dictates that such information can only be stored for the length of time it takes the offending company to match that information with the appropriate database.
WhatsApp had already changed how it treats sent and received messages thanks to the inquiry; previously, messages sent over the company’s servers were unencrypted but have been since September 2012 the issue has been resolved.
WhatsApp intends to comply with the Commissioner’s findings, and will likely implement a fix to the aforementioned issue in the coming months.