Hands off WhatsApp!

The WhatsApp messenger service is not compatible with the General Data Protection Regulation (GDPR). It should therefore not be used in the workplace. In the words of the Lower Saxony State Office for Data Protection: "The LfD Lower Saxony has already publicly emphasized several times that the use of WhatsApp by companies for business communication violates the General Data Protection Regulation (GDPR)."

The main reason for the infringement is the technical process used by Facebook subsidiary WhatsApp Inc. in California. A user registers there with their mobile phone number and the messenger service then reads the address book of users on their smartphones unnoticed. Ostensibly to locate other WhatsApp users. This comparison is repeated at regular intervals.

Despite all the data collection mania, the company is trying to keep a 'lean foot' on its own shoulders: Users alone are responsible for the legality of data transmission. In the event of a case, the criminal provisions of the GDPR would then also apply to the users alone. According to its 'Privacy Policy', WhatsApp also uses the data obtained for its own purposes: The company reserves the right to make extensive use of the information collected, for example for "measurement, analysis and other company services". In addition, WhatsApp generally shares information with other Facebook companies.

The conclusion of the German data protection experts: "The transmission of contact data from the address book to WhatsApp is regularly inadmissible." To make matters worse, possible sanctions under the GDPR would only affect the company that allowed the use of WhatsApp in its area of responsibility.

The advice to companies and organizations can therefore only be this: Ban the use of WhatsApp at all operational levels.