Facebook in 2014, acquired the largest messaging company, WhatsApp. The acquisition was made thinking about the future thinking about joint ventures.
Until 2016 the transfer of personal data had to be consented to by the data controller. In May 2021, Facebook and WhatsApp modified their policies, which were extremely criticized because they were not clear enough.
In short, the policies gave Facebook the right to know the names of the people we chat with and how often we do so.
Consequently, quite a few s began to move to other messaging applications such as Telegram and Signal.
Let’s analyze what happened then
- The data controller and the person in charge of data processing personnel must carry out the cross-border flow of personal data only if the country maintains adequate levels of protection under this Law.
- If the country does not have an adequate level of protection, the issuer of the cross-border flow of personal data must guarantee that the data processing personnel carry out under the provisions of this Law.
The levels of protection that would be provided to personal data were never disclosed, the risk of a violation of personal data is present.
- Uruguayan people were dissatisfied with the violation of the rights of protection of personal data recognized in article 72 of the Constitution of the Republic as an inherent right of the human person.
As WhatsApp wanted to collect very sensitive personal data, such as cookies Uruguayan people were afraid and angry.
- The Federal Law on Protection of Personal Data establishes that the data controller of the data processing must have the ability to decide the use thereof, giving them a treatment of greater security than the data concerning the company.
- If there is a person in charge of the treatment, it is that person who must verify that all procedures are optimally followed, otherwise, they could be severely sanctioned.
Many people agree that WhatsApp would not protect their data more than that of their own company, which is why fear leads to migration.
The Argentinean Personal Data Protection Law establishes in its article 5 that:
- The processing of personal data is illegal when the data controller has not given his free, express, and informed consent, which must be in writing, or by other means that allow it to match, according to circumstances.
Due to the little evolution in that country speaking of technological law, it is doubtful whether clicking on a button would have been accepted as express consent since it could be argued that it was clicked by accident.
If WhatsApp had continued with the policies, it would surely have had cases in court.