In a statement on the ICO's website, Elizabeth Denham, the UK's Information Commissioner, explained the reasons for the probe: "I had concerns that consumers weren't being properly protected, and it's fair to say the enquiries my team have made haven't changed that view. I don't think users have been given enough information about what Facebook plans to do with their information, and I don't think WhatsApp has got valid consent from users to share the information. I also believe users should be given ongoing control over how their information is used, not just a 30 day window."
While Facebook has stopped using WhatsApp data for "advertisements or product improvement purposes" in the UK for the time being (it's not clear how this will affect European users), the ICO isn't stopping there. It's asked the company to sign an "undertaking" that lays out how it will collect and use data and give users "ongoing control" over what is shared. "We think consumers deserve a greater level of information and protection, but so far Facebook and WhatsApp haven't agreed, said Denham. "If Facebook starts using the data without valid consent, it may face enforcement action from my office."
The ICO is aware that as startups and digital companies harvest data, bigger corporations are snapping them up purely to merge datasets and reveal "intrusive" details about them. "It's a problem that is broader than data protection, and we're speaking with industry, competition regulators and consumer groups to see how we can make people clearer on the law," the Commissioner concluded.