The story is a little more involved -- but to summarize, it's a momentary blip until Facebook and WhatsApp become GDPR-compliant. They have agreed to play nice until they are compliant, and my guess is they already have a system in place to allow data sharing. People will likely find any day now that they are accepting the new terms and conditions that allow data sharing to happen. In all likelihood they will be completely ambivalent to the change and simply press the "ok" button when told the terms and conditions on their account have changed.
The facts of the case underscore that not only is this a hollow victory -- Facebook has played the Information Commissioner's office like a finely tuned fiddle.
The merger between Facebook and WhatsApp took place in 2014 with a promise to the EU authorities that data would not be shared.
Remember what two US tech giants make? What's the plural of liar? Let me think -- that would liars. They did, of course, share data, regardless of that promise and have since been fined. One can only imagine Facebook took a decision the data was worth more than the GBP94m fine levied last May.
The Information Commissioner started an investigation in August 2016 and here we are, just over a year and a half later, not with another fine for Facebook. Instead we have a promise not to carry on doing exactly what it had already promised it would never do.
The cynic in me we would suggest Facebook has played the EU authorities and the UK's Information Commissioner for fools. They probably couldn't believe their luck that lying to the EU resulted in a comparatively small fine and that the UK authorities could be dragged in to a process that took so long, they've only now had to say they wouldn't keep on breaking an arrangement they had already undertaken not to breach (and been fined for).
Trouble is, even the Information Commissioner knows that no matter how much it tries to blog about this being a "win" for data privacy, it is actually the most hollow of victories.
There is a fabulous line toward the end of the ICO blog that confirms what everyone with half a brain knew the story would lead to. The undertaking Facebook has given, to actually keep to a promise it made three years ago, will be binding until the company is GDPR compliant.
Yes, that's right -- the law really was almost specifically tailored to allow the tech giants to do whatever they want. That is, of course, as long as they tell consumers about it up front in a privacy update that will just be accepted before we all go off to watch surfing kittens.
So let's recap. In February 2014 Facebook bought WhatsApp for $19bn. It got EU approval for promising not to share data between the two platforms. It broke its word and was fined $122m.
An ICO investigation that was already underway by the time it was fined, then got strung out until this week when Facebook promised to stop sharing data -- you know, that data it had already said it wouldn't share.
This promise will last until GDPR compliance is achieved and, basically, Facebook and WhatsApp mention in a privacy notice they share data and people just blindly click "ok."
If any part of this is sounding like a privacy "win" as the ICO calls it, please let me know. If it sounds like the tech giant once again riding roughshod over EU and UK law, don't bother telling me -- I already know.