From 27th April UK Whatsapp users will be moved from Ireland to the USA.
They’re not explicitly stating that, but saying:
WhatsApp LLC in the US continues to be the service provider for users outside the European region.
This means legal jurisdiction will be the USA for UK users.
It amazes me just how poor their geography is. Similar to Germany who think anyone not in the European Union is not in Europe.
Just to be clear, the UK is in the European region and part of Europe.
I might be something you didn’t noticed 
, but the UK left the political Europe with the so called BREXIT.
So the UK is no longer part of the political Europe, and that is the part WhatsApp is talking about, as the European Rules for Data Privacy no longer belongs to the UK.
The people of the UK wanted it that way, and now they have it, with all consequences…! 
The GDPR regulations for data privacy have been rolled into UK law as the UK GDPR until at least June 2025 and are compatible with EU law. WhatsApp will need to continue to ensure compliance in its dealings with UK citizens.
Presumably, however, Meta don’t want to set up a specific legal entity for the UK, so they’re shifting legal responsibility to the US division along with other non-EU countries. It has nothing to do with geography and they’ll be dealing with a wide range of data privacy regulations across the countries they provide service to.
There are plenty of US companies who provide services to EU and UK citizens. There is, perhaps, a perceived risk of US agency surveillance if the data is held in the US. I don’t know how much of a risk that is, given WhatsApp is end to end encrypted.
But it doesn’t say the political entity of the European Union, it says European Region.
@Ulli This is simple geography. The UK is part of Europe. Germany and Whatsapp seem to have trouble differentiating between Europe and the European Union. The UK has left the Union, but unless we develop technology to physically move our islands we are still part of Europe.
It will be interestgin to seeif this is ever tested. Whatsapp have been clear in their Terms that certain legalities can only be brought to an american court and users are agreeing to this with the 27th April change.
Probably not, but I’m only speaking from my personal experience.
WhatsApp’s wording is unfortunate and superficial. I agree. I am no lawyer and I have no expertise in UK data protection laws, but as they mention: “data will still be protected in accordance with UK privacy and data protection laws”. I am confident that the UK will make sure that this is will be honored by Meta.
P.S. I do not get the repeated references to “Germany” in the matter of WhatsApp changing their policy.
I am not sure that it is necessary to point that out, but you will find the UK there - where “Germany” is talking about cooperation in Europe.
I am a fan of the MPU community. “A place to discuss all things Mac Power Users”. A place “to talk about our shared interests”. Maybe, we should get back there and leave “politics” aside?
WhatsApp has nothing to do with geography, but in that case only with GDPR.
The UK has left the European Union GDPR intentionally!
And the UK GDPR has some deviations from the EU GDPR who are that significant, that the “Decision on the adequate protection of personal data by the United Kingdom - General Data Protection Regulation”
has to be actively renewed every few years (next time 2025).
The UK GDPR allows the Data Transfer to Foreign countries if the Person the Data belong to is informed acc. the UK GDPR about the transfer, and agrees with it!
Exception 1: Do you have explicit consent for the restricted transfer from the person the transferring data is about?
As a valid consent must be both specific and informed, you must provide people with precise details about the specific restricted transfer. You cannot obtain a valid consent for restricted transfers in general.
You should tell people:
- the identity of the receiver, or the categories of receiver;
- the country or countries to which the data is to be transferred;
- why you need to make a restricted transfer;
- the type of data to be transferred;
- that they are able to withdraw consent; and
- importantly, the possible risks involved in making a transfer to a country which does not provide adequate protection for personal data and without any other appropriate safeguards in place.
Public authorities cannot rely on this exception when exercising their public powers.
You may wish to rely on this exception, if you are also putting in place an Article 46 transfer mechanism. This may be the case if, from your transfer risk assessment, you decide the Article 46 transfer mechanism does not provide appropriate safeguards for all risks. In that case, to obtain a valid consent you still need to set out the above information, but only cover the risks which are not sufficiently safeguarded by the Article 46 transfer mechanism.
On the Page you linked, they talk about a cooperation with Poland, France, the Baltic Sea States and the UK.
As far as I remember, the EU alone has currently 27 Members. 21 of them are not mentioned on this site. Does that mean they do not belong to Europe, or are not cooperating with Germany!?
Feel free to ask me stuff about the Mac, Apple, Mac software and what not. This is why I am here. I may or may not answer regarding those topics.
If you have questions about German foreign policy, you should look elsewhere. There are people answering questions in that matter.
It was your link I referred to, and you talked about that matter…
As does the EU GDPR:
if a transfer of personal data is envisaged to a third country that isn’t the subject of an Adequacy Decision and if appropriate safeguards are absent, a transfer can be made based on a number of derogations for specific situations for example, where an individual has explicitly consented to the proposed transfer
I do not know, where you got this quote from, but it seems to be not part of my english version of the EU GDPR, that I just got from the EU.
From the European Commission website - the commission’s own interpretation of the rules.
So basically as always the simple bit about not using messaging systems for even slightly sensitive data applies.
While I do like my privacy both on the net and in more intimate surroundings my message history at worst would induce narcolepsy in anyone reading it.
I would not trust Google, Meta etc. as far as I could throw them and certainly not with anything sensitive.