A German privacy regulator ordered Facebook on Tuesday to stop collecting and storing data of German users of its messaging app WhatsApp and to delete all data that has already been forwarded to it.
The Hamburg Commissioner for Data Protection and Freedom of Information said Facebook was infringing data protection law and had not obtained effective approval from WhatsApp’s 35 million users in Germany.
“After the acquisition of WhatsApp by Facebook two years ago, both parties have publicly assured that data will not be shared between them,” commissioner Johannes Caspar said in a statement.
See also: How Twitter Could Change Under the Umbrellas of Disney, Salesforce, or Google
Facebook (FB), the world’s biggest social network, bought WhatsApp for $19 billion in cash and stock in an effort to reach a younger audience.
“The fact that this is now happening is not only a misleading of their users and the public, but also constitutes an infringement of national data protection law,” Caspar added.
Facebook, which has its German headquarters in Hamburg and therefore falls under Caspar’s jurisdiction, said in a statement that it complied with EU data protection law.
“We are open to working with the Hamburg DPA in an effort to address their questions and resolve any concerns,” it said.
The data watchdog said Facebook and WhatsApp were independent companies that should process their users’ data based on their own terms and conditions and data privacy policies.
The Hamburg commissioner’s move comes after EU and U.S. regulators said they would scrutinize changes to privacy settings that WhatsApp made in August.