Italy and France have launched investigations into Yahoo and Facebook’s WhatsApp messenger app after Europe’s data privacy watchdog raised ‘serious concerns’ about how the technology companies handle user information.

The EU is putting pressure on the Silicon Valley companies to explain how they use customer data after WhatsApp changed its privacy policy to allow it to share user information with Facebook and Yahoo Mail suffered what is thought to be the largest data breach ever.

Isabelle Falque-Pierrotin, chairwoman of the Brussels’ Article 29 data protection working party, sent letters addressed to WhatsApp chief executive Jan Koum and Yahoo chief executive Marissa Mayer, demanding more detail and asking them to co-operate with the national data protection agencies.

Ms Falque-Pierrotin criticised WhatsApp for sharing data with Facebook even though it had said when it was acquired in 2014 it would not do so. "These changes have been introduced in contradiction with previous public statements of the two companies ensuring that no sharing of data would ever take place," she wrote.

WhatsApp announced in August it would share personal information with its parent company. User data provided to WhatsApp such as phone numbers and device type can now be used to target advertisements on Facebook. WhatsApp users were then notified of the policy change and were given 30 days to opt in or out, or face not being able to access the app.

The German regulator has already criticised the policy change and Facebook is appealing against a ban on storing the data of WhatsApp’s 35m German users. On Friday, Italy's competition watchdog opened up an antitrust investigation into WhatsApp for a possible violation of consumer protection laws, to establish whether the US messaging service forces users to hand over personal data to Facebook. French regulators also launched an investigation on Friday.

WhatsApp’s new data policy has also attracted the attention of Europe’s competition commission. The regulator approved Facebook’s $22bn purchase of WhatsApp in 2014 after the social network’s assurances that WhatsApp data would not be shared.

WhatsApp said it was working with the data protection authorities to address their questions. A spokeswoman said: “We’ve had constructive conversations, including before our update, and we remain committed to respecting applicable law.”

Earlier this week, WhatsApp chief executive and co-founder Jan Koum defended the company against criticisms of its privacy policy change, arguing that the messaging app was still designed to know as little about its users as possible.

Speaking at the WSJD event in Laguna Beach, he said the app did not have a wealth of information about its users, whose messages and calls are protected by end-to-end encryption, and did not even know their names or genders.

The SMS-replacement app is now looking to generate revenue by allowing businesses to communicate with its users, replacing text messages sent by banks to warn customers of potential fraud or creating new ways for customers to talk to businesses without spending time on hold to a call-centre.

The biggest change in the policy was that WhatsApp will now share a user’s phone number with its parent company, so marketers in the main Facebook app can use the number to target advertisements, including placing the phone numbers in a database which anonymously matches with marketers’ own customer databases.

In her letter to Yahoo's Ms Mayer, Ms Falque-Pierrotin said Yahoo must devote "significant resources" to understand and communicate all aspects of the "unprecedented data breach" to Europeans whose data were exposed.

She also addressed a recent Reuters report that claimed that Yahoo scanned customer emails on behalf of the US intelligence agencies. "It will be important to understand the legal basis and justification for any such surveillance activity, including an explanation of how this is compatible with EU law and protection for EU citizens," she wrote.

Yahoo did not respond to a request for comment by the time of publication.

Source: Financial Times