I might be something you didn’t noticed , but the UK left the political Europe with the so called BREXIT.
So the UK is no longer part of the political Europe, and that is the part WhatsApp is talking about, as the European Rules for Data Privacy no longer belongs to the UK.
The people of the UK wanted it that way, and now they have it, with all consequences…!
The GDPR regulations for data privacy have been rolled into UK law as the UK GDPR until at least June 2025 and are compatible with EU law. WhatsApp will need to continue to ensure compliance in its dealings with UK citizens.
Presumably, however, Meta don’t want to set up a specific legal entity for the UK, so they’re shifting legal responsibility to the US division along with other non-EU countries. It has nothing to do with geography and they’ll be dealing with a wide range of data privacy regulations across the countries they provide service to.
There are plenty of US companies who provide services to EU and UK citizens. There is, perhaps, a perceived risk of US agency surveillance if the data is held in the US. I don’t know how much of a risk that is, given WhatsApp is end to end encrypted.
@Ulli This is simple geography. The UK is part of Europe. Germany and Whatsapp seem to have trouble differentiating between Europe and the European Union. The UK has left the Union, but unless we develop technology to physically move our islands we are still part of Europe.
It will be interestgin to seeif this is ever tested. Whatsapp have been clear in their Terms that certain legalities can only be brought to an american court and users are agreeing to this with the 27th April change.
WhatsApp’s wording is unfortunate and superficial. I agree. I am no lawyer and I have no expertise in UK data protection laws, but as they mention: “data will still be protected in accordance with UK privacy and data protection laws”. I am confident that the UK will make sure that this is will be honored by Meta.
P.S. I do not get the repeated references to “Germany” in the matter of WhatsApp changing their policy.
I am not sure that it is necessary to point that out, but you will find the UK there - where “Germany” is talking about cooperation in Europe.
I am a fan of the MPU community. “A place to discuss all things Mac Power Users”. A place “to talk about our shared interests”. Maybe, we should get back there and leave “politics” aside?
WhatsApp has nothing to do with geography, but in that case only with GDPR.
The UK has left the European Union GDPR intentionally!
And the UK GDPR has some deviations from the EU GDPR who are that significant, that the “Decision on the adequate protection of personal data by the United Kingdom - General Data Protection Regulation”
has to be actively renewed every few years (next time 2025).
The UK GDPR allows the Data Transfer to Foreign countries if the Person the Data belong to is informed acc. the UK GDPR about the transfer, and agrees with it!
Exception 1: Do you have explicit consent for the restricted transfer from the person the transferring data is about?
As a valid consent must be both specific and informed, you must provide people with precise details about the specific restricted transfer. You cannot obtain a valid consent for restricted transfers in general.
You should tell people:
the identity of the receiver, or the categories of receiver;
the country or countries to which the data is to be transferred;
why you need to make a restricted transfer;
the type of data to be transferred;
that they are able to withdraw consent; and
importantly, the possible risks involved in making a transfer to a country which does not provide adequate protection for personal data and without any other appropriate safeguards in place.
Public authorities cannot rely on this exception when exercising their public powers.
You may wish to rely on this exception, if you are also putting in place an Article 46 transfer mechanism. This may be the case if, from your transfer risk assessment, you decide the Article 46 transfer mechanism does not provide appropriate safeguards for all risks. In that case, to obtain a valid consent you still need to set out the above information, but only cover the risks which are not sufficiently safeguarded by the Article 46 transfer mechanism.
On the Page you linked, they talk about a cooperation with Poland, France, the Baltic Sea States and the UK.
As far as I remember, the EU alone has currently 27 Members. 21 of them are not mentioned on this site. Does that mean they do not belong to Europe, or are not cooperating with Germany!?
if a transfer of personal data is envisaged to a third country that isn’t the subject of an Adequacy Decision and if appropriate safeguards are absent, a transfer can be made based on a number of derogations for specific situations for example, where an individual has explicitly consented to the proposed transfer