In January, WhatsApp users received a popup outlining that they’d need to agree to the new terms of service. If users refused, their accounts would be unceremoniously suspended on February 8. This has had some interesting fallout:
- Downloads of the Elon Musk- and Edward Snowden-approved messaging app Signal have skyrocketed.
- Telegram gained more than 25 million new users in just 72 hours.
- Issues stemming from user mistrust in global corporate giants’ handling of their data jumped into the spotlight.
The change that has caused concern relates to WhatsApp sharing data with its parent company, Facebook. The policy notes that:
The type of information being shared with Facebook going forward is the major change – and the major cause for concern.
The policy notes that information like user browsing information (including frequency, duration, and interactions), language, mobile network, phone battery level, signal strength, internet service provider, and geographic information like your IP address and time zone may be shared.
WhatsApp’s Response to the Outcry
There has been a flurry of activity from WhatsApp and Facebook executives on Twitter. They’ve been trying to assuage the concerns of angry users by sharing additional information about the actual impact of the changes.
It's important for us to be clear this update describes business communication and does not change WhatsApp’s data sharing practices with Facebook. It does not impact how people communicate privately with friends or family wherever they are in the world.
— Will Cathcart (@wcathcart) January 8, 2021
WhatsApp released an FAQ which details that this change only relates to messages users send to business accounts on WhatsApp. A distinction is made between user-to-business conversations and inter-user conversations, with the company noting that “the policy update does not affect the privacy of your messages with friends or family in any way.”
There’s also another webpage designed to frame the changes in a more meaningful way. It starts with the words “We want to be clear…” – phrasing that was used in the FAQ document too.
One Key Issue: The Erosion of Trust
While WhatsApp is confident that its distinction between personal and business interactions is sufficient, it’s clear that users don’t feel the same way. European regulators don’t feel the same way either, having fined Facebook $122 million for misleading the EU about its intentions during their investigation of Facebook’s acquisition of WhatsApp. Facebook had previously stated that it “would be unable to establish reliable automated matching between Facebook users’ accounts and WhatsApp users’ accounts.”
The crux is that privacy-focused users don’t trust Facebook, but Facebook needs to make money from WhatsApp. To do so, it has chosen to monetize business interactions, which necessitates the sharing of (and likely selling of) user data.
The reality is that, in doing so, they’ll lose some users but retain most. These changes are a calculated business decision.
Another Key Issue: Unclear Privacy Policies
Takeaways for Businesses from WhatsApp’s Ill-Conceived Update
Businesses might be concerned that if WhatsApp – with all of Facebook’s resources behind it – can’t make users understand its privacy policies, then what hope is there? There is plenty you can do.
Make it very clear what data you are collecting.
WhatsApp’s updated policy did manage this quite well.
Make it very clear how the data is used.
This is where WhatsApp’s policy failed.
This section of your policy needs to outline how you use the data, whether you share the data with any third parties, and whether you sell the data to any third parties.
Give your users choices.
Potentially the biggest mistake WhatsApp made was to require all users to consent to the vague terms within a short timeframe. An opt-out of the business services (and the consequent sharing of data) may have helped alleviate concerns for users. That said, it wouldn’t necessarily serve the business interests of the shareholders.
Whenever you make changes to your policy, let your users know in advance and give them time to digest the changes and ask questions. Be sure to build choice into your privacy culture, starting with making user rights very clear.
Privacy108 is one of Australia’s leading privacy consultancies for businesses. We’re here to help if you need guidance or assistance developing clear privacy policies.