Continental: We, er, tire of Whatsapp, Snapchat on work phones. GDPR, innit?

Multinational car parts maker Continental AG has banned its employees from using Whatsapp and Snapchat on their work phones due to concerns over the recently introduced European General Data Protection Regulation. "In the company's opinion, these services have deficiencies when it comes to data protection, as they access a …

  1. Chronos

    Interesting stance.

    It's about time this particular leaky hole was plugged. Getting contact details by the back door of making users agree to share them without permission from the actual owners is a concern I've had for a while, which started when these buggers partnered with the now defunct Cyanogen Inc (CNGN, nothing to do with CyanogenMod/Lineage).

    Of course, world+dog are now doing the same thing, so much so that it's pretty much guaranteed that Facebook or some other ne'er do well has your details if you're in more than two smartphones' contacts.

    For now. It will be interesting to see how this pans out. Continental and Gates are the only two manufacturers I'll trust to supply timing belts - now I may have one more reason to prefer Contitech if their policy results in a wider review of this shady practice.

    1. This post has been deleted by its author

    2. Remy Redert

      Re: Interesting stance.

      This processing and holding of private data without permission from the owners is precisely why NOYB is suing Facebook, Google and company under the new rules.

    3. Anonymous Coward

      Getting contact details by the back door: Let's not forget Firms uploading CRM databases to Facebook

      Really hope this is reined in as GDPR bites... Right now you can only view Advertisers with your Contact details and block targeted Ads. But that doesn't stop Facebook / WhatsApp shadow profiling the population with these nice juicy details. Instead it should be possible to 'Delete' every single CRM database record that has been tied to your Facebook or WhatsApp account. So much for GDPR working there, it's not. Instead every Bank, Telco and advertising wing of every firm, should be sued by NOYB to stop this practice ASAP.

  2. Doctor Syntax Silver badge

    "Whether the ban will achieve anything beyond pushing its employees to using their personal devices for work messaging is perhaps a different matter..."

    This must be a concern for compliance in general: individual employees or departments going behind the DPO's back to keep their own records will get the company in trouble.

    1. John Brown (no body) Silver badge

      Or they could go "old skool" and use email.

    2. big_D Silver badge

      Exactly.

      Company devices will usually be connected to the company's groupware service (e.g. Exchange) and therefore have access to the GAL and PAL contact lists of the company and the user. (CRM systems are another possible connection point.)

      The company has to ensure that the information is handled within the bounds of GDPR. As WhatsApp currently does not comply with GDPR and is illegal (German ICO for, I believe Baden-Württemberg, pointed out that WhatsApp was illegal under the previous European DP laws, because it uploads all contacts to Facebook's servers).

      So, either the user has to disconnect their phone from the company's groupware system and manually enter the phone numbers of contacts who have explicitly agreed to the user passing their contact information to WhatsApp/Facebook, or they have to stop using WhatsApp until such time as it is compliant.

      The company would be similarly liable, if the employee started using their private device for WhatsApp and simply copied their work contacts over, or worse, connected their private device to the company groupware system...

      Systems like Signal, which just uploads a hash of the phone number, or Threema are a much better alternative at the current time... The problem is, you can't just move over yourself, you need to get all of your current WhatsApp contacts to go with you...

      1. ExampleOne

        (German ICO for, I believe Baden-Württemberg, pointed out that WhatsApp was illegal under the previous European DP laws, because it uploads all contacts to Facebook's servers).

        I believe this is, in fact, the case for a lot of the stuff that people are now panicking over in GDPR. The big difference with GDPR is the fines are substantial, where previously they were toothless and most companies simply evaluated the risk of getting caught and fined as far cheaper than actually bothering to read, understand, and comply with, the rules.

      2. Joeyjoejojrshabado

        "The company would be similarly liable, if the employee started using their private device for WhatsApp and simply copied their work contacts over, or worse, connected their private device to the company groupware system..."

        If the employee breaks company rules to do that (which they would be now that Continental's policy says so) they would be personally liable, both wrt the GDPR and to their company (for "stealing" commercial information).

  3. Anonymous Coward

    I'd be much, much more concerned about the fact WhatsApp and Signal are routinely used in regulated industries, like financial services, to get around archival requirements. I am entirely convinced that if/when something like LIBOR rigging occurs again it will go entirely undetected, because traders aren't sending these messages via email any more.

    1. Anonymous Coward

      "I'd be much, much more concerned about the fact WhatsApp and Signal are routinely used in regulated industries, like financial services, to get around archival requirements."

      Take a look at the NHS. I know for a fact (because a senior consultant told me) that NHS IT is now so useless and unreliable that they use WhatsApp all the time to share patient info, scans, x-rays, and rest. They do it because it works and they have no time or capacity to faff about.

      Lucky Zuck.

      1. Anonymous Coward

        "NHS IT is now so useless and unreliable that they use WhatsApp all the time to share patient info, "

        I hope you're trolling. If not, please tell your consultant friend to alert the relevant authority immediately.

        1. Anonymous Coward

          "I hope you're trolling. If not, please tell your consultant friend to alert the relevant authority immediately."

          Not trolling. From the horse's mouth. I was talking to her during the NHS ransomware meltdown. Everyone was using WhatsApp just to be able to work. It works so much better than NHS systems the habit has stuck.

          I warned her that all that data ends up in Zuck's lap. NFI. [A useful acronym friends and I invented years ago: Not Fucking Interested.] In a contest between patient harm and Zuck not getting the data, the patient wins.

          And, who would the relevant authority be, then? NHS IT, who for whatever reason can't make the NHS IT systems work better than WhatsApp? Or the ICO? You're 'avin a larf, innit?

  4. Chris G

    Premium EU subscriptions

    I can see those selling like hotcakes.

    If a company can't be arsed to figure out its legal obligations to me, it won't get my business.

    When the last company I worked for wanted to give everyone a phone with Whatsapp and tracking enabled, I declined. They said 'But we won't know where you are or be able to stay in touch', my response; phone or email me and ask where I am.

    Being an outsider was an absolute blessing, I reckon my productivity jumped by a significant margin because manglement were no longer calling me and redirecting me to other tasks when the mood took them, instead I was able to finish most things without interruption.

  5. Voland's right hand Silver badge

    This entirely political move

    This entirely political move

    Bollocks. Someone actually did a proper legal analysis. Nothing political about it - it is about liability. They had a lawyer who either talked to a techie or had a modicum of technical background to see exactly what the apps do.

    We will see more of this as we go along and it is goodness - the F***book view of "Circle - Sharing is Caring" must die.

    1. a_yank_lurker

      Re: This entirely political move

      Agree this is due to decent legal and technical analysis. Many of these apps are not necessary in a business setting as they do not provide any value over more traditional communication methods but only risk of data leakage.

      1. big_D Silver badge

        Re: This entirely political move

        Precisely, either the phone user can access the company groupware solution (e.g. Exchange) or they can use WhatsApp and manually type in the contact details of people they have received permission from.

        Given that the company is probably more interested in people having the groupware contacts and emails available to their users, WhatsApp and Snapchat have to go, until such time as they become compliant.

  6. Anonymous Coward

    I'm just staggered that Continental have 240,000 employees?!?!!

    1. Anonymous Coward

      Tyres are a tiny part of their business, the vast majority is automotive manufacturing. Dashboard electronics, sensors, pumps and stuff like that.

      Conti are the biggest player in this field and supply to pretty much every car manufacturer going...

      1. Anonymous Coward

        Just as well, since their tyres have half the life of Michelins.

  7. Ken Moorhouse Silver badge

    We, er, tire of Whatsapp, Snapchat on work phones

    So they blew a gasket.

    1. Doctor Syntax Silver badge

      Re: We, er, tire of Whatsapp, Snapchat on work phones

      "So they blew a gasket."

      Well played, sir.

  8. Bob the Skutter

    Does GDPR cover having people in your contacts list in your phone so that you can ring them or send them a text?

    1. big_D Silver badge

      No. Because you are not passing all of their contact information to a third party service in order to send the message or talk to them.

      WhatsApp takes the complete address book and uploads it to WhatsApp/Facebook servers, which is illegal under EU data protection laws (before GDPR) and even more so now. Other services, such as Signal, upload a hash of the number for comparison with registered users of the service and throw it away afterwards; that just about gets around GDPR.

      1. big_D Silver badge

        Sorry, that should be yes, GDPR does cover it and it is, within limits, legal.

        If it is a company phone, the employer has to have a policy in place allowing the use of contacts on the phone and what limits are applied, ensuring the information is safe (pin code to open the phone, remote wiping etc.).

    2. Aqua Marina

      If you are a business, yes it does, otherwise it’s fair use.

  9. Anonymous Coward

    GDPR - Reality Bites

    Nice! GDPR is concentrating minds already. When it's your head on the block and not the supposedly 'free' privacy-raping messaging service you got too-used to using rather lazily... Isn't it amazing how that can concentrate minds! WhatsApp Founders are out so we know it's Privacy Apocalypse time!

  10. Anonymous Coward

    To: Continental Executives:

    Try 'Signal' next time. But watch out in case it too becomes toxic in time...

  11. tiggity Silver badge

    I really hope

    Some of their phones had nasty contact slurpers "system app" pre-installed and so (without jumping through rooting hoops) impossible to uninstall thus GDPR illegal as user could accidentally fire them up.

    Really needs a big GDPR inspired legal action to stop phone makers / telcos installing junk that cannot be easily removed

    (obv rant mainly about android)
