The Center for Digital Democracy (CDD) and the Electronic Privacy Information Center (EPIC) on Monday filed a complaint with the Federal Trade Commission (FTC) regarding the proposed use and transfer of WhatsApp user data to Facebook for targeted advertising and “other” purposes.
The privacy groups termed what they called the “proposed change in business practices” as constituting “an unfair and deceptive trade practice,” subject to investigation and injunction by the FTC.
WhatsApp recently posted an entry to the company blog announcing the first update to its Terms of Service and Privacy Policy in more than four years, saying it plans to share some information with Facebook and the Facebook family of companies to allow the latter basically target users with advertising.
Other companies in the “Facebook family” include Instagram, advertising companies Atlas and LiveRail, and virtual reality company Oculus.
According to WhatsApp, the company plans to transfer “the phone number users verified when they registered with WhatsApp,” and the last time users accessed the app.
This is interesting because as of February 1, 2016, WhatsApp has one billion users worldwide. According to the company—that’s nearly one in seven people on Earth who use WhatsApp each month.
The privacy groups were particularly concerned with the breach of promise inherent in this move, considering that prior to the August 25, 2016 update, WhatsApp’s privacy policy promised, “We do not use your mobile phone number or other Personally Identifiable Information to send commercial or marketing messages without your consent.”
The complaint also stresses the FTC’s jurisdiction to police unfair and deceptive practices.
For Facebook, which paid $22 billion for WhatsApp, the changes are an attempt by the social networking company to earn revenue from the platform.
WhatsApp gives users the option of opting out of the arrangement. Even if users opt out, “the Facebook family of companies will still receive and use this information for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities,” the company said.
The FTC acknowledged that it had received the complaint, but would comment no further.
