MOBILE MESSAGING SERVICE Whatsapp has come under fire from Dutch and Canadian data protection authorities after a joint investigation revealed that it illegally stores users' address book information on its servers.
The Dutch Data Protection Authority (DDPA) and the Office of the Privacy Commissioner of Canada (OPCC) both argue in a collaborative report that the service - which enables sending messages, images and videos over internet connections between smartphones - failed to delete information from the address books of people not signed up to the service and stored it in hash form.
When installing Whatsapp, the service asks permission to run a friend identification check so users can can find which of their friends are also using the service. The regulators said that though it is not illegal for Whatsapp to copy data belonging to non-users, it is illegal for the app not to delete that information after doing so.
"This practice contravenes Canadian and Dutch privacy law, which holds that information may only be retained for so long as it is required for the fulfilment of an identified purpose," the regulators said.
The regulators also complained that only iPhone users running iOS 6 can manually add contacts within the app, meaning that Android and Windows Phone users have no choice but to have their whole address books scanned.
Whatsapp has yet to comment on the report. µ