Messaging platform WhatsApp has confirmed it is still not sharing the data of EU users with its parent company Facebook, as engagement continues with the Irish data protection regulator over controversial changes to its privacy policy last year.

WhatsApp published a frequently asked questions (FAQ) section on its website on Wednesday, aimed at explaining the changes and its sharing policies to users.

The Data Protection Commissioner (DPC) said the information represented the first stage in resolving the issues around user consent and data sharing with Facebook.

The messaging app updated its terms of service and privacy policy on August 25th last year and the controversial changes included that WhatsApp would share users’ details, including their phone numbers, with the Facebook group of companies.

In the new information for users in the EU, the company said it would not share EU users’ information with Facebook for improving their Facebook products and to provide them with more relevant Facebook ad experiences until it reached “an understanding with the Irish Data Protection Commissioner on a future mechanism to enable such use – and we will keep our EU users updated”.

Although WhatsApp is not established in Ireland, the DPC said it had used its existing regulatory relationship with Facebook Ireland to seek a resolution to the issues, via extensive discussions with WhatsApp and Facebook Ireland.

It welcomed the newly published information as a positive step towards greater transparency for EU users of the app and it was pleased that Facebook and WhatsApp had restated their commitment to engagement with the office.

The DPC also welcomed the companies’ confirmation that the current data sharing suspension would continue during the ongoing engagement, specifically related to data sharing for use by Facebook Ireland to present products and ads.

The DPC said its engagement with WhatsApp and Facebook, and any outcomes arising from that, were “completely without prejudice to the actions of any individual data protection authorities in relation to these matters”.

Irish regulator Helen Dixon and several other EU data protection authorities took action or made enquiries to WhatsApp, Facebook Ireland and Facebook Inc. within a short time of the update to the privacy policy last year.

Clarity

During its examination, the DPC looked at the level of clarity provided to WhatsApp users on how their data would be shared and used, and the process that was used to obtain consent from WhatsApp users for that data sharing.

It examined how users’ WhatsApp data would be used by Facebook Ireland to determine the Facebook products and ads that would be presented to them if they were also Facebook users.

The DPC said FAQs represented “the first stage in resolving these issues, by providing more clarity and transparency to WhatsApp users on how and why their data is being shared and used”.

It was “continuing to actively pursue a resolution of the remaining issues related to the consent process, through ongoing engagement with WhatsApp and Facebook Ireland”.

Its objective was the implementation of a consent process for all existing and new WhatsApp users, “so that their consent is obtained in a fair, legal and transparent way that offers them a choice on how their personal data is shared and used”.

In May, the European Commission fined Facebook €110 million for providing misleading information about its 2014 takeover of WhatsApp.

The European commission said it had imposed a “proportionate” fine to send a clear signal that all firms must comply with EU competition rules, including the obligation to provide correct information.

Facebook had told the commission it would not be able to match user accounts on both platforms, but went on following the acquisition to do exactly that.