Image: © tashatuvango/Stock.adobe.com
The latest privacy update from WhatsApp has sparked concerns from users and privacy experts around the world.
Editor’s note: WhatsApp has since delayed its update from 8 February to 15 May. You can read more about its decision here.
Facebook-owned messaging app WhatsApp has been notifying its 2bn users of the latest updates to its privacy policy and terms and conditions over the last number of days.
The update says that users must accept the new terms within the coming weeks to continue using WhatsApp, but details in this update have sparked concerns with users and privacy experts who are worried about the level of data that will be shared with Facebook.
Turkey’s competition authority has opened an investigation into WhatsApp over the new update, while tech billionaire Elon Musk endorsed rival Signal in a tweet, which sent users flocking to the encrypted messaging app.
What does this mean for users?
WhatsApp still offers end-to-end encryption, meaning your messages can’t be shared with Facebook or read by WhatsApp. This was further clarified by WhatsApp on its website in recent days.
But there has been a lot of confusion around the implications of data sharing in this latest update, which states that new terms take effect on 8 February. “After this date, you’ll need to accept the new terms to continue using WhatsApp,” it adds.
Update notification. Screenshot: WhatsApp
While users must agree to the terms, WhatsApp has said that the update does not include changes to data-sharing practices for users in Europe.
In a series of tweets, WhatsApp’s EMEA director of policy, Niamh Sweeney, stated: “There are no changes to WhatsApp’s data-sharing practices in Europe arising from this update. It remains the case that WhatsApp does not share European region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or ads.”
She added that the update is about “providing clearer, more detailed information” to users about the use of data.
2/5 It has been incorrectly reported that WhatsApp's latest Terms of Service and Privacy Policy update requires users in the European Region to agree to the sharing of data with Facebook for ads purposes in order to continue using the service. This is false.
— Niamh Sweeney (@NiamhSweeneyNYC) January 7, 2021
Siliconrepublic.com reached out to the Data Protection Commission for further clarification. The data watchdog confirmed this statement, adding that its office has been assured by WhatsApp that if data practices were to change, the Data Protection Commission would be engaged with first.
“The updates made by WhatsApp last week are about providing clearer, more detailed information to users on how and why they use data,” said Graham Doyle, deputy data protection commissioner.
“WhatsApp have confirmed to us that there is no change to data-sharing practices either in the European region or the rest of the world arising from these updates.”
European data protection authorities, including Ireland’s data protection commissioner Helen Dixon, have expressed concerns in the past about the sharing of WhatsApp data. This led to the messaging app agreeing in 2017 to stop sharing personal data with Facebook unless it complied with GDPR.
However, the privacy policy for European users in both 2016 and its updated version references some sharing of information with other Facebook companies “to promote safety, security and integrity” across Facebook company products, for example, to fight spam, threats, abuse or infringement activities.
So what’s different about this update?
Sweeney added in her tweets that the update is also about “improving how businesses use WhatsApp to connect with customers”.
“The updated policy provides info on how businesses using the WhatsApp API to talk to customers can now do so using a Facebook-provided service to help them manage their chats with customers.”
In the update on its website, WhatsApp detailed that it gives businesses the option to use hosting services from Facebook to manage WhatsApp chats with customers, answer questions and send information such as purchase receipts.
“But whether you communicate with a business by phone, email or WhatsApp, it can see what you’re saying and may use that information for its own marketing purposes, which may include advertising on Facebook,” WhatsApp said.
Additionally, for people who choose to interact with Facebook’s Shops feature, your shopping activity can be used to personalise your experience as well as the ads you see on Facebook.
The update is also different for users outside of Europe. Bloomberg reports that in the US update, for example, WhatsApp says it wants to be able to let users connect their Facebook Pay account “to pay for things on WhatsApp”, and let them chat with friends on other Facebook products such as Portal “by connecting your WhatsApp account”. This text does not appear in the Europe version.
If you’re outside the European region, WhatsApp’s sharing of data with Facebook is less limited. But this is nothing new and WhatsApp has indicated the sharing of information with Facebook companies since its last update in 2016. Its privacy policy states that “WhatsApp receives information from, and shares information with” Facebook companies.
We want to address some rumors and be 100% clear we continue to protect your private messages with end-to-end encryption. pic.twitter.com/6qDnzQ98MP
— WhatsApp (@WhatsApp) January 12, 2021
Is there anything else to consider?
The main change for users is that it will become mandatory to accept WhatsApp’s terms and conditions to use the service.
However, speaking to Siliconrepublic.com, data privacy expert Ray Walsh of ProPrivacy expressed his concern about the update, “It is very frustrating that [WhatsApp is] not allowing people to have the option to continue using it without accepting those particular parts of the privacy policy, which is to share with Facebook,” he said. “We know that WhatsApp can function perfectly well without sharing data with Facebook, so then it’s not really integral to the service itself.”
Walsh said he believes the data people are most concerned with in this new update is the transactional data that may be involved. “Some of that does revolve around the fact that WhatsApp is changing. The way that people use WhatsApp is changing. Businesses are being able to interact with consumers directly and then actually take orders via a cart integration in WhatsApp and that is obviously making it much more of a shopping platform,” he said.
“It is for people that use those cart integrations and actually opt to buy things via WhatsApp that are obviously very potentially lucrative to Facebook, which can gather information about people’s purchases.”
While the previous version of the privacy policy referenced the collection of transactional data, it only stated that WhatsApp “may receive information and confirmations, such as payment receipts, including from app stores or other third parties processing your payment.”
The updated privacy policy contains much more detail, stating that it will process additional information including payment account and transaction information. “Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount).”
Refresher: WhatsApp and Facebook’s relationship
Facebook acquired WhatsApp in 2014 but it wasn’t until WhatsApp’s privacy policy update in 2016 when concerns over data sharing between the two entities started to surface.
While messages remained encrypted, this update allowed WhatsApp to share users’ phone numbers, logs of how long and how often they use WhatsApp, information about how users interact with other users and more.
“By connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them,” said the company in a blog post at the time.
However, the change came under intense scrutiny, which led to the halt of data-sharing in Europe after complaints from data watchdogs across the bloc. Then in May 2017, a year before GDPR kicked in, EU antitrust authorities fined Facebook €110m for misleading regulators during a 2014 review of the WhatsApp takeover.
Facebook is not out of the woods yet when it comes to competition concerns. Following a lengthy investigation into four of the biggest tech companies in the world, the US Federal Trade Commission announced last month that it is suing Facebook for alleged anticompetitive conduct and illegal monopolisation.
The lawsuit calls for a permanent injunction that could force Facebook to sell a number of its assets, including WhatsApp and Instagram, and prohibit future mergers and acquisitions without prior approval.
Don’t want to use WhatsApp any more?
As WhatsApp comes under the microscope for its latest privacy update, many users are turning to alternatives such as Telegram and Signal. Both apps offer end-to-end encryption for messages, just like WhatsApp. Signal offers this by default but Telegram users have to manually ensure this setting is switched on.
For users who want the ease of a desktop app, Telegram can be accessed via web.telegram.org and it does not have to be linked to the mobile version of the app. Signal on the other hand, requires the mobile app to be linked to the desktop at all times.
In terms of storing data, Signal does not store metadata, logs or information on its users, it only stores your phone number. However, Telegram has access to your contact information, contacts and user ID.
