25 Jun 2021

Data protection and Big Tech: Is it just a bump in the road?

The topic of data protection and Big Tech keeps on giving.  It appears the subject of data protection simply does not want to leave the main stage and wishes to remain in everyone’s center of attention.  This should not come as a surprise, since the world is only starting to become more integrated in terms of digital services provided by Big Tech companies.

The most recent “controversy” on data protection and Big Tech comes from Germany, or to be more precise, Hamburg’s Commissioner for Data Protection (“Commissioner”).  The Commissioner investigated Facebook’s use of personal data gathered from WhatsApp users and decided to act on the app’s new privacy policy and the way it handles data obtained from its users.  In the investigation, the German watchdog concluded that the new policy update was illegal.   Amid the concerns, the Commissioner issued a preliminary decision, introducing a three-month emergency ban pursuant to extraordinary powers provided by the General Data Protection Regulation.

The next step the regulator will take is to seek a binding decision from the European Data Protection Board (“EDPB”), a forum that gathers regulators from the European Union’s 27 Member States.  If the EDPB reaches a decision, repercussions will impact Whatsapp in the whole bloc.

In a statement issued following the controversial ban, the Commissioner commented on the updated privacy policy that entered into force on May 15th, saying:

“The provisions on data transfers are scattered at different levels of the privacy policy, they are unclear and hard to distinguish in their European and international versions. In addition, the contents are misleading and show considerable contradictions.  Even after close analysis, it is not clear what consequences approval has for users.  Furthermore, consent is not freely given, since WhatsApp demands acceptance of the new provisions as a condition for the continued use of the service’s functionalities.”

Meanwhile, Facebook remained steadfast and stated that it is considering an appeal against the ban.  Furthermore, Facebook’s spokesperson stated that the ban at hand is “based on a fundamental misunderstanding of the purpose and effect of WhatsApp’s update and therefore has no legitimate basis”, and that this measurewill not impact the continued roll-out of the update”, and that WhatsApp will “remain fully committed to delivering secure and private communications for everyone”.

Will this case have an impact on Serbian data protection?

What about domestic data protection?

As follows, a similar mechanism is also envisaged in the Serbian Personal Data Protection Act. Namely, according to Article 79 paragraph 2 point 6, the Commissioner for Information of Public Importance and Personal Data Protection is empowered to impose temporary or permanent restrictions on the performance of the processing operation, including the prohibition of processing.

But beyond all enthusiastic aspirations, the crucial question is whether this authorization will be applied and if so, what its scope will be.