The watchdog said the social media giant faces action if it uses such data without valid consent.

The Information Commissioner’s Office (ICO) had said in August that it would monitor WhatsApp’s new privacy policy, after WhatsApp, acquired by Facebook in 2014, said it would share user data with its parent company.

“We’re pleased that they’ve agreed to pause using data from UK WhatsApp users for advertisements or product improvement purposes,” the head of ICO, Elizabeth Denham, said in a statement.

“If Facebook starts using the data without valid consent, they may face enforcement action from my office,” she said.

The regulator said it had also asked Facebook and WhatsApp to sign an undertaking committing to better explaining to customers how their data would be used and to give them ongoing control over the information.

However, the companies have so far not agreed.

“We think consumers deserve a greater level of information and protection, but so far Facebookhasn’t agreed,” Denham said.

Facebook and WhatsApp did not immediately respond to a request for comment.

The two companies have also come under scrutiny from the wider group of the EU’s 28 data protection authorities, who last month requested that the popular messaging service pause sharing users’ data with its parent company until the appropriate legal protections could be assured.

Denham said she did not think users had been given enough information about what Facebook would do with their data and that WhatsApp had not obtained valid consent.

Enforcement action could ultimately lead to fines. Such fines are small compared to the revenues of the companies concerned. However, a new EU-wide data protection law coming into force in 2018 would change that with fines of up to 4% of global turnover.

For more about WhatsApp, watch:

Denham said she would keep pushing the issue along with other privacy watchdogs, notably the Irish authority which has the most sway over Facebook (FB) since the U.S. company’s European headquarters are in Ireland.