Whatsapp scans users’ phone books or contact list to find who all can the users chat with from that list. The investigations carried out by Dutch Data Protection Authority (CBP) and the Privacy Commissioner of Canada (OPC), which has been going on since about a year, have found that the messaging company, after receiving all the numbers from a user’s contact list, doesn’t delete the number of non-users but, stores them in a hash form. This practice violates the privacy law of both the countries.
"Once users consent to the use of their address book, all phone numbers from the mobile device are transmitted to WhatsApp to assist in the identification of other WhatsApp users," the report reads.
"Rather than deleting the mobile numbers of non-users, WhatsApp retains those numbers (in a hash form). This practice contravenes Canadian and Dutch privacy law, which holds that information may only be retained for so long as it is required for the fulfilment of an identified purpose," the report reads further.
iOS 6 users are not at the risk of breach of privacy as they are given the option of adding contacts from their phone book manually rather than an automatic scan.
The authorities are going to conduct further investigations in a bid to find out whether Whatsapp has done anything to company with the privacy requirements in both the countries. If the authorities are not fully satisfied with their subsequent findings, they may impose sanctions.
Find the unofficial translation of the Dutch report here [PDF].