On 4 January 2021, WhatsApp announced a new version of its Privacy Policy. The changes to the Privacy Policy were expected to take effect on 8 February 2021. As of that date: (a) users who had expressly accepted the changes could continue to use the app, and (b) users who had not expressly accepted the changes could no longer use the app.
A wave of outrage followed after WhatsApp began to notify its users to accept the changes. Many users turned to social networks to express their discontent and clamoured for alternatives to the messaging app. It was not too long before users began to jump ship. In the past few days, the world witnessed the number of downloads of applications like Telegram and Signal skyrocketing.
The public outcry is based on the conception that with the new version of the Privacy Policy, WhatsApp will now share users’ data, including private chat messages, with other companies in the Facebook group. The uproar was so significant, that WhatsApp postponed the implementation of the new Privacy Policy until May 15th, seeking to clarify the real scope of the new changes. But does the new policy really allow Facebook to read our chats? Let’s find out.
What are the changes in WhatsApp’s Privacy Policy?
Before jumping right into the changes to the privacy policy, let’s step back and understand what privacy policies currently exist. WhatsApp has two Privacy Policies:
One applies to users who reside in the “European Region” (link), which includes, the countries of the European Union and the United Kingdom (even post-Brexit); and,
the other applies to users residing in any other territory or country in the world, including, the USA, Canada, Singapore and India among others. (link). There are some exceptions applicable to the State of California and Brazil.
Once WhatsApp decided to implement a privacy policy update, users in Europe and the rest of the world received two different notifications regarding the new version:
European Region Notification | Rest of the World Notification |
---|---|
Does Facebook now have access to my chat messages?
The good news is that the change to WhatsApp’s Privacy Policy has nothing to do with any changes to the technology behind the service. This means that chat messages exchanged with family and friends remain protected by end-to-end encryption (one of the selling points of WhatsApp). In other words, the message is stored and encrypted at the point of origin (the sender) and stored and decrypted at the point of arrival (the recipient). Because the message does not pass through the WhatsApp servers, WhatsApp (and therefore the other companies in the Facebook group) cannot access the messages.
In this regard, two relevant clarifications are worth making:
- There are only two situations where the message is temporarily stored on the WhatsApp servers, albeit in encrypted form (but nothing has changed about this). The first is in the case of undelivered messages, when for example, the recipient is offline. The second is in the case of media (photos and videos) that become popular, to make sharing technically easier and more efficient.
- The end-to-end encryption that is applicable to messages in the chat, is not applicable to the storage of the messages (backup) by the service providers chosen by the users (e.g. GoogleDrive, OneDrive, iCloud, etc.). But then, we are out of the “WhatsApp” environment.
How does WhatsApp’s New Privacy Policy change the relationship with other companies in the Facebook group?
Changes Applicable in the “European Region” (including the European Union and the United Kingdom):
The current WhatsApp Privacy Policy for the “European Region” (including the European Union and the United Kingdom) is dated 24 April 2018 (link). The main changes in the privacy policy related to the relationship with other companies in the Facebook group, that is being talked about heavily on social media, does not even apply to the “European Region”. In fact, it is even clearer in the new version of the Privacy Policy that situations where WhatsApp can share data with other companies in the Facebook group are restricted and for the purposes and benefit of WhatsApp only.
Therefore, in the case of the “European Region”, data that WhatsApp shares with other entities within the Facebook group cannot be used, for example, to improve the services of these other entities or for their marketing campaigns. The data is shared so that WhatsApp receives services that allow it to ensure the security and integrity of the application, improve its services and its user experience, and design its own marketing campaigns.
Despite these revelations, given Facebook’s track record in handling users’ data, this does not mean that users should rest easy. However, this only means that nothing has changed from the scenario that existed before the Privacy Policy was changed.
This is yet another example that the European Union’s efforts to protect its citizens’ data has been fruitful. Nevertheless, the Facebook group is in discussion with Irish data protection authorities on their data sharing practices and policies for the “European Region” and there may be news in the coming months.
Changes Applicable to the Rest of the World (including the USA, Canada, India, Singapore, etc.):
The WhatsApp Privacy Policy for the rest of the world (including the US, Canada, Singapore, India, etc.) is dated 20 July 2020 (link). In this case, the outburst of concern on social media regarding the sharing of data is one that stands true. However, this data sharing was already possible as a result of the previous version of the Privacy Policy (from 2020). According to the previous policy, WhatsApp was able to share its users’ data with Facebook group entities for their purposes and benefit. The only change that is brought about by the new Privacy Policy, is that it expands the scope of such data sharing.
Though WhatsApp is sharing data with other Facebook entities, it is true that chat messages between friends and family will not be shared. However, this is not a reason for users to breathe a sigh of relief. The type of data shared with other entities in the Facebook group is more than enough for the organisation to know increasingly more about its users and to use that information to influence behaviour. This is definitely an alarming concern.
So what has really changed in WhatsApp’s New Privacy Policy?
The most significant changes to the WhatsApp Privacy Policy concerns the interaction between businesses and WhatsApp users. This is where, depending on the options of each business, user data can be shared with other entities in the Facebook group. This data is related to the business relationship at hand (i.e., between the business, which sells products or services, and the user, which purchases them).
According to WhatsApp’s clarifications, this interaction and data sharing can happen in three contexts (link):
- Enabling customer service. This encompasses chats with businesses when users need to ask questions, make a purchase or are seeking helpful information.
- Discovering a business. When individuals discover businesses through ads on Instagram or Facebook, often these show a button which directs one to messaging businesses directly on Whatsapp. Clicking on these ads will be used to personalise ads on Facebook.
- Shopping experiences. The next element is online shopping. Certain businesses that have shops on Facebook or Instagram could also have a shop on their WhatsApp business profile. This will allow users to view products on Facebook and Instagram shops, while also allowing one to shop directly from WhatsApp.
Why is this relevant? The Big Picture
Ultimately, WhatsApp’s data sharing practices and policies will not be far different from other social networks (and many other apps) that we use on a daily basis, for which we do not pay with coins and cash, but rather with our data or attention. This means that the decision whether to continue using WhatsApp, based on its data sharing practices and policies should not have a different outcome as compared to other apps like Facebook, Instagram, Messenger, TikTok, YouTube, Gmail, etc.
Today there are alternatives to social networking apps as well as other apps that focus on user data privacy (DuckDuckGo, Telegram, Signal, ProtonMail, etc.). Fortunately, this is an alternative today, but it does not mean it is the only legitimate one. After all, everyone should define for themselves how much of their privacy and free will they are willing to sacrifice for the sake of convenience.
Even so, we should all be aware that greater integration between platforms, means that greater amount of data is held by the same entities and consequently, will result in the greater centralisation of data. This greater centralisation of data has many alarming implications that can lead to easier identification of an individual and his/her personal, family, social, economic context, etc. It can be easier to understand, anticipate and influence an individual’s behaviour (link). It can also create significant barriers to entry for other business operators, which will tend to result in monopolies or oligopolies, fewer alternatives and subsequently, less freedom. This will inevitably also have significant risks to the foundations of our democratic society.
As we enter the future that is increasingly digitally enhanced, we must tread carefully, be aware of tech giants’ privacy policies and not accept them blindly. If we stay informed and make decisions wisely, we may just be able to escape the clasp of invasion of privacy and avoid being controlled by algorithms that feed on our data.
Stay up to date with the latest knowledge in digital finance through CFTE’s courses, so you have the power make the right decisions.
Follow us on social media for more updates!
Latest Posts:
Table of Contents
Toggle