Dutch and Canadian regulators have criticised messaging app WhatsApp after a joint investigation found it was violating privacy principles in relation to retention, safeguard and disclosure of personal data.
The investigation was carried out by the Dutch Data Protection Authority and the Office of the Privacy Commissioner of Canada.
Though WhatsApp has taken some steps to implement recommendations, the investigation found that some issues remain that have yet to be addressed.
The investigators said when smartphone owners installed WhatsApp they were asked to access their address books, with phone numbers then transmitted to its servers, even those of people not signed up to the service. Data is then stored in a hashed form.
“This practice contravenes Canadian and Dutch privacy law, which holds that information may only be retained for so long as it is required for the fulfilment of an identified purpose,” said the regulators.
Though the Canadian regulators do not have the power to issue sanctions, the Dutch Data Protection Authority says it could take punitive action if the terms are not changed.
Only iPhone users running the latest version of Apple’s iOS operating system have the option of manually adding contacts.
Whatsapp is yet to comment on the report.
