The Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority said their findings for what they called a "collaborative investigation into the handling of personal information" by the California-based company.
According to CBS news, in a statement, the agencies concluded that the application violated privacy laws in both the Netherlands and Canada because users had to provide access to all of their phone book contacts, including users and non-users of the application.
The two agencies explained that WhatsApp relies on a user's phone number to populate the instant messenger's contacts list.
All the user's phone numbers are transmitted to WhatsApp to "assist in the identification of other WhatsApp users."
But, rather than deleting the phone number of non-users, WhatsApp allegedly retains the numbers, albeit in an unreadable hash form.
According to the report, this falls foul of both Canadian and Dutch privacy law, which states that personal data may only be retained for as long as it is required for the fulfillment of a certain service.