Germany’s data protection regulator for Facebook is banning the social network from processing personal data from WhatsApp users because it views the messaging app’s new terms of use as illegal.
Regulator Decision
The decision follows emergency proceedings opened by the regulator in the city-state of Hamburg last month after WhatsApp required users to consent to new terms or stop using the service.
This order seeks to secure the rights and freedoms of the many millions of users who give their consent to the terms of use throughout Germany. My objective is to prevent disadvantages and damages associated with such a black-box procedure
Johannes Caspar (Hamburg’s data protection officer)
Caspar, who leads domestic oversight of Facebook under Germany’s federal system as its country office is in Hamburg, announced his decision before a May 15 deadline for consenting to WhatsApp’s new terms.
WhatsApp, which is owned by Facebook, said the action by the Hamburg data protection authority rested on a fundamental misunderstanding of the purpose and effect of its update and therefore had no legitimate basis.

“As the Hamburg DPA’s claims are wrong, the order will not impact the continued roll-out of the update. We remain fully committed to delivering secure and private communications for everyone,” a WhatsApp spokesperson said.
New Challenges for Facebook
Since 2018, online privacy has been subject to a European Union rulebook, called the General Data Protection Regulation (GDPR). Under the GDPR, Ireland leads oversight of Facebook because the company’s European headquarters is there. This regulatory action in Germany over Facebook’s privacy policies, with its national antitrust regulator waging a legal battle over data practices it says amount to an abuse of market dominance.
Check out : Instagram will let users add up to four pronouns to their profile that will appear next to their username.
This has resulted into a three-month freeze on Facebook’s collection of WhatsApp user data under extraordinary powers foreseen in the GDPR. It will hand the case over to the European Data Protection Board, an independent EU body that enforces rules throughout the 27-nation bloc.