WhatsApp & the Facebook Conundrum

WhatsApp Messenger, a Facebook Inc. subsidiary since February 2014 with over 2 billion users globally, announced an updated user privacy policy on 04 January 2021 that has caused confusion and concerns worldwide over what their intentions are regarding personal data. Users who do not comply with and accept the updated WhatsApp policy were to be blocked from utilising the service from 08 February 2021, now postponed to 15 May 2021.

WhatsApp has subsequently released posts to their social media as well as blogs and FAQs on their website to clear up some of the confusion surrounding the details of their updated policy. Their attempts at trying to clear up the confusion, however, have not prevented many users from jumping ship, opting for privacy-focused messaging apps such as Telegram and Signal Messenger.

The situation has consequently sparked worldwide debate and concern over privacy and personal data linked to data collection, analytics and insights, forcing many national, regional and international privacy protection agencies to step forward to provide answers to the questions that have been raised.

India’s Ministry of Electronics and Information Technology, for example, which represents one of WhatsApp’s biggest userbases at 450 million users, contacted the Facebook-owned messaging company with ‘grave concerns’, stating that it felt that Indian citizens were given differential and discriminatory treatment by not being provided the same treatment as European users, as reported by Reuters. They subsequently also called upon Facebook to withdraw the proposed changes.

The Italian data protection agency, Garante Per La Protezione Dei Dati Personali (GPDP), also raised concerns over WhatsApp’s updated policy as they found it unclear and not enabling users to understand what changes had been introduced, or the processing operations that were to be factually carried out by WhatsApp after the 8th of February. The issue was then escalated to the European Data Protection Board (EDPB).

Tech moguls, including the likes of Elon Musk (CEO of Tesla and SpaceX), Jack Dorsey (CEO of Twitter), Brian Acton (co-founder of WhatsApp and now Signal) as well as ex-CIA employee and American whistle-blower Edward Snowden, and many others, have also stepped forward and shared their views, endorsing the move away from WhatsApp. This has subsequently led to a rapid surge in signups to the Telegram and Signal Messenger services.

In the first week of January, after the release of the updated WhatsApp privacy policy, Telegram posted that their active users surpassed 500 million, increasing by 25 million in only 72 hours. Signal Messenger also saw a surge in signups, which caused delays where new users were not receiving the confirmation codes, an issue that was resolved very quickly by the Signal team.

A tweet by KT Tunstall, later retweeted by Signal, included an image comparing what data each app/service (Signal Messenger, Telegram, WhatsApp Messenger and Facebook) collects from devices. It raises the questions of whether all this collected data is absolutely necessary for the apps and services to function, what happens with the data and how long it is stored, who exactly has access, and how to opt out if you prefer to keep your data private.

WhatsApp was also caught unawares when internet researchers found Google Search had in fact already indexed WhatsApp Messenger group chats. A simple Google Search (at the time) for ‘site:chat.whatsapp.com’ returned 470 000 results, as discovered by Jane Manchun Wong, a tech blogger, and reported by The Economic Times (“WhatsApp fixes bug that leaked group chats on Google Search”). The links allowed anyone to view and join the supposedly private group chats. WhatsApp rushed to fix this within a few hours of being notified and had the information cleared from Google Search.

All of this controversy has caused much concern worldwide regarding whether WhatsApp and Facebook’s data and privacy practices are illegal or underhanded. The following are some answers to the most common concerns:

  • Can WhatsApp access my private messages and chats?
    • WhatsApp uses end-to-end encryption, preventing a middleman or third party, including WhatsApp themselves, from reading the content of messages. However, WhatsApp does collect metadata (data about data), which can include details relating to who sent the message, the various recipients, what devices were used, what time of day and GPS location it was sent from, the internet connection or network and service provider, size of the message (size of the data) and quite a bit more. See the Automatically Collected Information section of WhatsApp’s updated policy.
  • What data is WhatsApp planning to share with Facebook, their partners, and third-party companies?
    • The WhatsApp privacy policy stipulates that the data collected is mainly intended to assist businesses to communicate and provide better services and marketing to users. The exact data points collected are not clearly defined by the company. Facebook Inc.’s goal seems to involve building a complete personal profile for all of its users, down to their most basic desire, allowing Facebook to predict and potentially guide the users’ actions. This is similar to a common marketing technique where a marketer or salesperson gets to know the customer by asking ‘discovery’ questions in order to gain insight into the customer’s personality and needs so as to increase the success rate of a sale. Facebook does this at a much larger scale. LinkedIn has a great article on this type of profiling by Shawn Fowler.
  • Is my data safe with Facebook’s track record of data breach incidents?
    • Facebook Inc. and Mark Zuckerberg himself have promised to pay more attention to user privacy and security of the data. Looking back at the data breaches (hacks) and information leaks (service misconfigurations and negligent data handling) surrounding Facebook Inc., the promises of a better tomorrow seem less reassuring. We can only hope that Facebook Inc. indeed intends to improve their privacy and data security practices and follows through with their and Zuckerberg’s promises before it’s too late.
  • Why can I not opt-out?
    • This is the big question.
      WhatsApp and Facebook are very conscious of the restrictions imposed when dealing with EU nationals and the GDPR and have thus taken a more modest stance, providing ‘specialised’ Terms of Service and Privacy Policy for any user protected by the data protection regulation (GDPR). There will no doubt be consequences too for South Africa with our new POPI Act, legislation that is being activated in July this year. India, Italy, South Africa, and many others are asking the question, why? If the collection of data by WhatsApp, Facebook, and affiliates potentially infringes on the GDPR, which is designed to protect personal privacy, then why was the rest of the world not afforded the same considerations?
  • Why is there a different privacy policy for the EU (GDPR protected regions/users)?
    • All companies and organisations must comply with Europe’s GDPR (General Data Protection Regulation) or face legal action and fines which could cost them millions or potentially billions of Euro in annual revenue.
  • What are they not telling the users?
    • It is proving to be quite difficult to determine the real motive behind the likes of Facebook’s statements on the matter of privacy protection. We can continue using their services and hope they keep to their claims and promises or, as many have suggested, drop the company’s products for others that focus more on personal privacy rather than the monetization of user data, personal or otherwise.

Facebook Inc. (WhatsApp, Instagram, etc.) does unfortunately seem to be driving a wedge between itself and its users, causing mistrust and sparking the migration to more secure, privacy-focused apps and services. Many businesses have been built and rely on Facebook Inc.’s services and will likely need to continue to use the platform, ignoring privacy concerns. However, as people become more privacy conscious it will become harder for companies whose business models are built on the monetization of user data to operate within the boundaries of the law (GDPR, POPIA, etc.).

Many people have chosen to utilise privacy-focused messaging apps alongside WhatsApp, reducing and limiting what information is knowingly shared via the Facebook-owned service, while others have completely removed the intrusive apps from their devices and lives. Whether people continue to use WhatsApp or not is entirely up to them though.

See the WhatsApp Privacy Policy – here