Graphical user interface, text

Description automatically generated


Privacy

The recent WhatsApp terms and privacy policy update pop-up (pictured above) has been negatively received by its users and zeroes in on some disturbing aspects of today’s privacy landscape.

1) There’s Always Been Sharing of Personal Data Among Companies

Many users mistakenly believed that the notification meant that WhatsApp was removing a user’s ability to opt out of data sharing with its parent company, Facebook (Facebook acquired WhatsApp in 2014).  However, Facebook eliminated that option years ago. Unbeknownst to many users, WhatsApp has been sharing data about the majority of its more than 2 billion users with Facebook since 2016.

When WhatsApp changed its privacy policy in August 2016, it gave its one billion users at the time 30 days to opt out of sharing their data with Facebook. You can check to see if you opted out when you had the chance by going to Settings and clicking on “Request Account Info.” If you opted out, then WhatsApp is continuing to honor your choice.

As for the more than billion users who have joined WhatsApp since 2016 and for those users who did not opt out during that small window of time, the app is essentially sharing all of its user data with Facebook, except for the content of the users’ communications.

For example, WhatsApp is sharing account information such as phone numbers, length of time and frequency of usage, device identifiers, IP addresses, operating system information, browsers, battery health information, app version, mobile network, language, and time zone. Depending on user permission settings, it can also be sharing transaction and payment data, cookies, and location information.  Aside from that 30-day period in 2016, users have not had a choice to opt out of sharing this data with Facebook.

2) Privacy Policies are Confusing

Many users mistakenly believed that the new policy meant that it was changing its practices so that it could now read people’s messages. In reality, WhatsApp is giving users new options to contact businesses and expanding its practices around how its business users can store their communications.

This underscores the confusion engendered by privacy policies in general. It’sbeen observed that data privacy laws in the U.S. are not very effective because as long as companies state what they are doing in the privacy policy (many of which are convoluted and which most people don’t read anyway), they can do whatever they want.

3) Consumers Have No Real Choice

Whatsapp’s privacy update also underscores the dilemma that many consumers face: either give up control over their personal data or don’t use the app/service. Originally, WhatsApp gave its users until February 8th to agree to the new terms otherwise they would no longer have access to their accounts.

While it is not always the case, in this situation at least, there are alternative apps that users sought out and joined--Signal and Telegram. In fact, Signal just became the number one app on Apple and Android phones in one of WhatsApp’s biggest markets--India.

Given the negative reaction, WhatsApp has announced that it is postponing the changes until May 15th to give its users time to review them.

Although consumers have more time to consider the changes in this case, it still illustrates the common position that consumers are stuck in--agreeing to the terms and policies of the app, whatever they may be, in order to use the app.

4) Big Tech’s Bad Track Record with Personal Data

Some of the reason for the backlash is also because people know that Facebook owns WhatsApp. Many people don’t trust Facebook; it’s an understatement to say that Facebook does not have a good track record when it comes to data privacy. In fact, Facebook recently agreed to a $650 million dollar cash settlement for collecting biometric data without permission in violation of the Illinois Biometric Information Privacy Act.

Jan Koum, a co-founder of WhatsApp, is familiar with surveillance given that he grew up in the Soviet Union. Because of that experience, he values the ability to speak freely and insured that privacy was a cornerstone of the app. After selling the app to Facebook, he posted in a blog that he would not have partnered with Facebook if it meant that he had to change his values around protecting user privacy.

However, in 2018, both Mr. Koum and Brian Acton, the other founder of WhatsApp, left Facebook. An inside source stated that Mr. Koum became increasingly concerned with the amount of data that Facebook was collecting about its users and wanted greater privacy protections for users.

After the Cambridge Analytica scandal at Facebook, Mr. Acton even tweeted that it was time to delete Facebook. Given that the people who were safeguarding WhatsApp’s user privacy are no longer at the company, it is not surprising that users feared the worst when they saw the recent notification of changes.

What We Can Do About It

While today’s privacy environment may be less than friendly to consumers, we at DDP believe that we can help change and improve it. With your help, we are working to get consumers the right to control their data. Join DDP.