Add a contact to a group in WhatsApp without your permission is a “serious violation” by law

• Well established by a resolution of the Spanish Agency of Data Protection in the wake of a case which occurred in the Municipality of Boecillo, Valladolid.
• A council member of said city council created “by mistake” a group in WhatsApp the one that joined up to 255 persons “to provide information of interest to the neighborhood”.
• One of the members of the group who did not give their consent to appear in it took the case to the Agency of Data Protection, which began an investigation.
• The resolution establishes that the city Council has committed a “serious violation” of the Organic Law of Protection of Data, although not imposed on them, fine.

The groups WhatsApp have become the headache of many users. Participants who will not stop to talk or send videos, audios or images, others commenting on… until the point that the vast majority end up being silenced for a week or even a year.

Now, a resolution published by the Spanish Agency for Data Protection (AEPD) provides that to include a user in a group in WhatsApp without your consent it is a “serious violation” violates the right to privacy, since all the members can see the telephone number of the remainder, a personal data protected by law.

In this sense, the AEPD comes in its resolution, the case occurred in the City ofBoecillo (Valladolid), where a council member created a group of WhatsApp which joined thephone numbers of 255 people —including the complainant— the most neighbors of this municipality, “with the purpose of providing information of actions or actions of interest to the neighborhood”.

The incident occurred on the 26th of November 2016, when a council member was trying to create a distribution list by means of WhatsApp with the mobile provided by the neighbors and, “by mistake”, was created by a group instead of a list, as explained in the resolution. Apparently, the council member tried to delete the group in the first few minutes, but only managed to get out of it. Finally, the person who stayed on as manager of the group got dissolved “within three hours of its creation.”

Despite having deleted the group, one of the members decided to take the case to the Agency of Data Protection, which began an investigation, and finally in a resolution states that the city Council has committed a “serious violation” of the Organic Law on Data Protection (LOPD), although ultimately not impose a fine because the pool was closed for a short time it is created.

The plaintiff included in his written complaint, the screenshots with comments of the participants of the group “asking about the source and purpose” of the same. “In these catches appear the mobile phone numbers of the participants who made the comments shown, whose profiles, with personal information in possession of the same, it was accessible to the members of the group created,” says the resolution.

After the Data Protection Agency may require evidence of the consent of the members of the group, the City is only referred 37 writings of those who had given their verbal consent.

therefore, according to the AEPD, “it is proven that the Consistory respondent has used the personal data of the complainant for a purpose other than that for which it was collected, despite the fact that the data may not be processed for purposes other than those for which they were collected”.

Finally, should not have imposed financial sanction at city Hall, “to have been accredited ( … ), as soon as this warned of the irregular situation that had occurred, the necessary steps were taken to close the group of WhatsApp”.

Tecnología