European DPAs Press Yahoo on Data Breach and Email Scans, WhatsApp on Revised Policy

Friday to Yahoo CEO Marissa Mayer. It also sent a separate letter the previous day to WhatsApp about changes to its privacy policy and terms of service that would permit user data sharing with parent Facebook. Both letters were signed by the Article 29 Working Party Chairman Isabelle Falque-Pierrotin, who heads France's data protection authority. She said Yahoo also needs to fully cooperate in providing to the DPA commissioners information about the breach, people affected and measures taken. They also asked for information about Yahoo's cooperation with the U.S. government in scanning customer emails, which Falque-Pierrotin called "concerning," questioning whether it's legally justifiable (see 1610050038). "We are aware of the letter from the Article 29 Data Protection Working Party and will work to respond as appropriate," emailed a Yahoo spokesman. In the letter to WhatsApp CEO Jan Koum, Falque-Pierrotin said the messaging service's intent to share information with "Facebook family of companies" for advertising, marketing and other purposes is "in contradiction with previous public statements" of both companies (see 1608250027 and 1609070022). The change created "great uncertainty among users and non-users of the service," the group said, and it has "serious concerns" about the way the updated terms of service and privacy policy were given to users. Among other matters, Falque-Pierrotin said WhatsApp needs to provide information about the data collected, where from and who it's shared with so the commissioners can understand whether the data processing complies with EU rules. It also urged WhatsApp "not to proceed with the sharing of users' data until the appropriate legal protections can be assured." Facebook didn't comment.