It is generally known that data protection plays a major role within the EU and especially in Germany. It is therefore not surprising that the German Federal Cartel Office wanted to take a closer look at the data protection of well-known messenger services. In view of the increasing demand as a result of social changes such as increasing home offices, this is entirely appropriate. The results of the investigation launched in 2020 make it clear that the standards of the General Data Protection Regulation (GDPR) are often taken lightly.
Messengers violate GDPR
When it comes to data protection, some well-known messengers and video services seem to have a lot of catching up to do. For example, an extensive investigation by the German Federal Cartel Office revealed that some providers sometimes store collected user data in the USA. This approach is not legal and violates the GDPR in force in the EU. The latter stipulates that data storage is only legal if the corresponding location also has a similar level of data protection as the EU itself. This is currently not the case in the USA. The Federal Cartel Office has presented its findings in fairly general terms. For example, the authority does not name the services concerned.
This would not be the purpose of a sector inquiry such as the one conducted in this case. Rather, the purpose is to identify abuses. And these seem to be questionable. After all, a large proportion of the services rely on data storage outside the EU. Furthermore, the authority was able to work out that even consumers who do not use the service themselves are affected. This is possible because the providers sometimes analyze and synchronize the entire contacts and thus also store them unintentionally. If these cases are indeed permanent storage, this would also be a violation of the GDPR.
- See already? Federal Cartel Office: Microsoft becomes a test case
Federal Cartel Office fears no timely improvements
According to Andreas Mundt, president of the German Federal Cartel Office, it is primarily the everyday nature of messengers that poses a major problem. Because consumers now use services like WhatsApp without thinking, they often don’t ask themselves how things actually stand in terms of data protection. And that doesn’t just apply to users. The services themselves also tend to take a rather stepmotherly approach to the issue. In the view of the data protection authority, this cannot be allowed to continue. Instead, both users and providers should give data protection a higher priority.
But it is not only the weak data protection that concerns the consumer protection agency. On top of that, the authority is frowning at the market power of some providers. WhatsApp, for example, has a market share of over 90 percent. In order to bring this dominant position to a healthy level, the Federal Network Agency threw the idea of interoperability into the room in 2021. In terms of this, the services would have had to make their messengers compatible with each other. The Digital Markets Act in force in the EU even put this idea in writing and made it mandatory. When the whole thing will be implemented, however, is still questionable at the moment.
- Also interesting: Federal Cartel Office wants to examine PayPal’s rules
Risks of interoperability
Interoperability between messengers would bring a key advantage. For example, users would not be forced to remain in one of the services in order to communicate with their existing contacts. Nothing would then stand in the way of switching to another provider. For example, users could switch to a service that attaches greater importance to data privacy. But from the authority’s point of view, the whole thing would not only have advantages. Negative consequences cannot be categorically ruled out either. The Federal Cartel Office not only fears that this could slow down innovations. On top of that, technical hurdles could arise if different messengers were to work together. This forced compatibility could then in turn stand in the way of effective data protection.