backBrazil’s National Data Protection Authority has completed its assessment of how WhatsApp shares personal data with Meta, following the app’s 2021 privacy policy changes. The agency found that the sharing takes place in two distinct ways: in one, Meta acts as a data processor, handling information strictly for WhatsApp’s core messaging functions; in the other, Meta acts as a data controller when connecting WhatsApp to its broader ecosystem of services.
Although most of the data processing occurs under the processor role, the ANPD concluded that the sheer volume of shared data, the companies’ membership in the same corporate group and Meta’s business model based on intensive data use pose heightened risks to users. As a result, it ordered WhatsApp to hire an independent external auditor to ensure Meta is not using the data for its own purposes, such as targeted advertising.
The authority also required WhatsApp to develop a compliance plan to improve transparency, including clear explanations of when Meta is acting as controller or processor, and in which situations the data may be used for advertising if the user chooses to integrate WhatsApp with other Meta services. The decision further mandates adjustments to privacy notices, more detailed disclosures, enhanced transparency screens and clearer descriptions of data categories, reinforcing the need for precise and LGPD-compliant communication.
share
