The regulators stopped short of taking action against Facebook, saying it was still too unclear how the company was using data on WhatsApp users.
The European Data Protection Board, a panel of EU authorities, said Facebook’s practices linked to WhatsApp data should be examined “as a matter of priority” by the Irish privacy watchdog, its main regulator in the region.
Updated terms had been set to be imposed upon users of the Facebook-owned messaging app early this year — but in January Facebook delayed the WhatsApp terms update until May after a major privacy backlash and ongoing confusion over the details of its user data processing.
“Considering the high likelihood of infringements in particular for the purpose of safety, security and integrity of WhatsApp” and other Facebook units “the EDPB considered that this matter requires swift further investigations,” the EU body said in statement.
In Thursday’s decision, the EDPB stopped short of imposing a provisional EU-wide ban on data access, as requested by the Hamburg data privacy commissioner.
The German authority in May imposed a three-month banning order on Facebook to stop it collecting German users’ data from its WhatsApp unit, and asked EU regulators to take a bloc-wide decision.
The Indian government, for example, has repeatedly ordered Facebook to withdraw the new terms. While, in Europe, privacy regulators and consumer protection organizations have raised objections about how opaque terms are being pushed on users — and in May a German data protection authority issued a temporary (national) blocking order.
A draft of its decision was sent to its EU counterparts in December, needing their approval before being able to finalize the probe.
That decision is currently stuck in a EU dispute resolution procedure, failing to get the full backing of all European data watchdogs.