This week Facebook owned WhatsApp messenger will start to ask users to accept a new set of privacy policies that, depending on where you live, will enforce the sharing of data between WhatsApp and other Facebook companies. The previous policies (June 2020) offered an option to opt out of sharing data with Facebook companies. This is no longer an option. You will either have to accept the new policy, stop using WhatsApp or delete your account.
There are two privacy policies:
The first is enforced in the European Economic area (EEA) and the second is enforced outside of the EEA.
The main difference is in how Facebook companies use WhatsApp users data, and this is what the technology press is so up in arms about.
In the EAA this section of the policy reads:
The outside EAA version reads:
Anyone not in one of these countries is outside of the EEA.
It appears that information will still be shared with Facebook companies relating to EEA users, but just will not be used by Facebook companies fir their own purposes (e.g. marketing). This is my interpretation and may be wrong – happy to be corrected if someone can provide feedback. Information will also be shared irrespective of whether you have a linked Facebook account.
What does this mean?
If you are in the EEA, information will still be shared with Facebook companies to “… help us operate, provide, improve, understand, customise, support, and market our Services. This includes the provision of infrastructure, technology, and systems, …”. This is reasonable since Facebook will share infrastructure to support the services they provide. This is normal for most companies. However, in the EAA “… Any information WhatsApp shares on this basis cannot be used for the Facebook Companies’ own purposes.”
If you are outside the EAA, Facebook can do whatever they like with the data.
This difference is most likely down to the presence of the GDPR regulations within EEA countries. On 31 December 2020 the UK finalised their exit from the European Union. However, as part of the exit from the EU, all laws passed under previous treaties with the EU were signed into British law, which includes for the moment the GDPR. That may change in the future.
However, under the GDPR, if you are a company and you are processing information relating to EU citizens (and for the moment this includes the UK), you are governed by the GDPR regulations regarding how you process and retain this information irrespective of where your company is located. I don’t claim to be an expert on this regulation, but I do know is includes guidelines on data privacy and how you can process data of EU citizens. It also includes notification requirements in the case of a data breach involving EU citizens data – failure to notify involves significant fines.
What can I do about this?
If you are fully invested in Facebook and you share everything with them, then this probably won’t bother you since they own you anyway.
If, like me, you value your privacy then you have a few options:
- Stop using WhatsApp
- Delete your WhatsApp account.
If you don’t want to use WhatsApp anymore, then there are several other options that offer a more secure and private messaging service. The one I am currently looking at is Signal. This service is open source, is funded by grants and donations, does not host adverts and does not share information with third parties. It is also end-to-end encrypted, which WhatsApp also claims to be.
End-to-End Encryption means that the only people allowed to view the messages are the sender and the receiver. The message is encrypted from the point it leaves your device to the point it is delivered to the recipient. No-one else, including the service, can read the message.
There are several other messaging services and Wikipedia has a useful list of them to review. You should also be aware that some apps are banned in certain countries and the US passed an executive order recently banning six more Chinese messaging services from operating in the US.
This development just proves the point that you need to read the privacy policies of the services/apps you use. It doesn’t help that these documents are often long and worded in legal jargon. Reading these documents when you are in the process of signing up for the latest cool service is not the first thing on your mind, and you will probably just click through them and accept all policies. – and this is what these companies are wanting you to do.
You should also review the permissions any app you install requests and deny any that you are unhappy with. WhatsApp on Android requests the following permissions:
- Send/Read SMS *
- Location *
- Device & App History
- Phone *
- Photos/Media/Files *
- Camera *
- Storage *
- WiFi Connection Information
- Microphone *
- Contacts *
- Device ID & call information *
- Miscellaneous other permissions.
The ones I have marked with a “*” can be disabled in the settings app (Android 10).
Denying permissions will stop certain features from working, so this is a compromise.
It’s up to you whether you accept the new terms or stop using WhatsApp. I am starting to use Signal and Microsoft Teams and asking contacts to convert over. Recent reports suggest that people are leaving WhatsApp en-mass and moving to alternatives. I have yet to see evidence to prove that, which will become evident in market share numbers in the months to come.
It’s your choice.