by Vibhushinie Bentotahewa, Dr. Jason Williams, and Dr. Chaminda Hewage
31 January 2021
WhatsApp hit the headlines with the launch of its new terms and conditions, a policy agreement that the users must accept if they wished to continue using the app after the 8 February 2021 deadline. The instant user reaction has been one of dismay within days of the initial message appeared on their accounts asking them to review existing privacy choices and agree to the changes outlined in the new policy. The proposed changes specified by WhatsApp, which is now under Facebook ownership, have come under scrutiny by media and app experts. The most concerning issue is that Facebook, under its own privacy policy, would be having access to millions of user information (metadata) from WhatsApp, making it one of the biggest media organisations to collect, process, and store ‘big data’ by design. If agreed to the proposed changes, personal information will be shared with Facebook, and if rejected, the user accounts on WhatsApp will become void by the set deadline. This is a dilemma the users have to grapple with. Millions of users have instantly ditched WhatsApp in preference to alternative apps that are readily available free, with a hassle-free download facility via app stores. This backlash has prompted Facebook to put on hold proposed policy changes until May, but it is still unclear whether Facebook will shift its position.
This is a growing concern and is arguably not in the public interest and not in line with many nations’ privacy policies, especially GDPR applicable ones, the UK and EU member states. However, it must be said there is nothing new about what had been going on and what is envisaged from the new privacy policy. Ever since WhatsApp was acquired by Facebook (in 2014), it had access to various user information already available on WhatsApp. These include active phone numbers, preferential choices, interests, and using mobile device information and user IP address.
As has been explained by WhatsApp, there is another side to all this that the updates only refer to business communications and do not impact private end-to-end encrypted conversation between friends or family, and the existing encryptions will remain unchanged. It also claims that sharing information with Facebook is a part of the company policy to introduce a payment capability facility for the user when making purchases from sponsored trading outlets and organisations. However, the process’s completion is mainly conditional on the user agreeing to company privacy policy terms and conditions. Still, it is hard to believe that every user was aware of ‘small print’ pages in its privacy policy statement about how, why, and with whom, and how long it shares metadata.
Facebook, in its own defence, claims that revenue from advertising on Facebook is essential for the company to function without imposing subscription charges from the user of its apps, and insists that information they hold will help operate, provide, improve, understand, customise, support, and market their services and offers. Maybe so, but the longstanding customer preference for WhatsApp will be tested when the subscribers turn to other competitive apps with similar features provided completely free to the user, in many cases without conditional agreements and privacy implications.
WhatsApp has end to end encryption, and it is free. Therefore, it attracted subscribers billions in number. However, as WhatsApp proposed privacy policy story began to unfold in the public domain, the user concerns began to rise, and their reaction was not good news for the company. The users wasted no time downloading similar apps, mainly Signal and Telegram from other sources, and the numbers abandoning WhatsApp rang alarm bells in Facebook HQ. The worst to come was the rise in popularity of ‘Signal’ in the world’s regions, and it took the top spot for the most downloaded app from the play store.
WhatsApp is also facing legal challenges as WhatsApp’s updated privacy policy because it interferes with user surveillance and threatens India’s security. India has filed a petition against WhatsApp, saying it jeopardizes national security by sharing, transmitting, and storing user data in another country with the information thus governed by foreign laws. Pakistan- Federal Minister for Science and Technology, has said that the government was making efforts to introduce a strong data protection law to protect citizens’ privacy with WhatsApp chaos. Countries in the South Asian region do not have meaningful privacy and data protection laws; therefore, it is crucially important to understand WhatsApp’s new privacy policy before accepting clearly. It is also important that the countries assess risks and produce a lasting solution to close any loopholes.
WhatsApp users within the European region, which includes the UK, are receiving a separate privacy policy to those elsewhere globally, and there is a clear difference in the policy note. European countries’ terms and conditions do not contain a section covering the information WhatsApp does collect. It is also worth noting that data sharing with Facebook is minimal for European users due to stronger user privacy protections in the EU. The EU’s General Data Protection Regulation (GDPR) is one of the strictest in the world. It ensures that consumers have full rights to their data and how that data is processed and even demand erasure of information. Companies bound by the European Union’s privacy laws are liable for fines as much as 4% of global annual revenue if found in breach of the EU block laws. Also, the GDPR highlights the service providers to collect only essential information necessary to provide the services.
The regulatory vacuum is a real concern in terms of data protection as most of the countries are in the process of developing their legal mechanisms. But for most of the other countries, even though they are developing data protection laws until the Personal Data Protection Bill becomes law, it is hard to police technology companies on how user data should be processed. It is clear the users have limited options, and the countries should take the protection of privacy rights seriously and come up with a personal data protection law. However, the users who are not conversant with data privacy implications might overlook the risks in downloading and using these popular messaging apps free of charge. Therefore, it is not too late to act and introduce sound privacy legislation to ensure that app providers have meaningful, clear terms and conditions that will allay doubts and suspicions in the user’s minds.