WhatsApp just agreed not to share the personal information of its users in the European Union with Facebook until it can comply with the General Data Protection Regulation (GDPR), which will be enforced in May. It’s not a permanent commitment, and there are a few noteworthy exceptions, but it’s good news for WhatsApp users who give a damn about their privacy.
“People have a right to have their personal data kept safe, only used in ways that are properly explained to them, and for certain uses of their data, to which they expressly consent,” Information Commissioner Elizabeth Denham wrote in a post on Wednesday. “This is a requirement of the Data Protection Act.”
WhatsApp’s agreement with the ICO states that the service won’t share any EU user data with Facebook, or any Facebook company, ahead of the GDPR. But there are a few significant caveats: After the GDPR comes into force, WhatsApp can share user data with Facebook or a Facebook company “for safety and security purposes” as well as to help inform the company how to improve its products and advertising, according to the undertaking. These exceptions still need to comply with GDPR regulations.
It remains to be seen whether Facebook and WhatsApp will push back on or try to circumvent regulations for that sweet data come May.