From the French data protection authority, CNIL:
In 2014, the company WHATSAPP was acquired by the company FACEBOOK Inc. On 25 August 2016, the company WHATSAPP released a new version of its Terms of Service and Privacy Policy for its application WhatsApp. It is explained that from now on, its users’ data are transferred to the company FACEBOOK Inc. for three purposes: targeted advertising, security and evaluation and improvement of services (“business intelligence”).
Following this update, the WP29 (group of European CNIL) requested explanations from WHATSAPP on the processing implemented on the occasion of this data transfer and asked the company to stop this transfer for targeted advertising purpose. The WP29 also mandated its subgroup in charge of the cooperation on investigations and sanctions (“enforcement subgroup”) to coordinate actions of the authorities planning to conduct investigations.
It is in this context that the Chair of the CNIL decided, in order to verify the compliance of the processing implemented by WHATSAPP with the Act, to carry out online inspections, to send a questionnaire to the company and then to summon it to a hearing,
The CNIL was informed by the company that the data of its 10 Million French users have actually never been processed for targeted advertising purposes.
However, the investigations found violations of the French Data Protection Act.
Read more on CNIL.