Whatsapp has clarified the terms of its planned privacy update after widespread confusion over the new terms of service. The messaging app faced backlash over its announcement of the changes in January as many believed it was planning to increase the amount of data it shares with parent company Facebook, sparking a wider debate over data privacy and metadata sharing practices.
The changes were originally set to come into force earlier this month, but the company delayed the deadline for accepting the new terms until 15 May. If users refuse to accept the terms of the privacy update their accounts will become “inactive”, meaning they’ll lose the ability to read and send messages on the app. Inactive accounts will be deleted after 120 days.
The company first began facing backlash after users were alerted of the new changes through a pop-up notification stating that they would lose functionality of the app if they refused to accept the terms, leading to a wave of users opting to defect to competitors such as Signal and Telegram.
As part of its revamped strategy to keep users onside, WhatsApp will start showing a banner alert containing a more detailed explanation of the changes that they can read “at their own pace.”
In reality, WhatsApp’s planned privacy update changes very little; it primarily deals with facilitating payments to be made to businesses through the app.
“Consumer trust relies on understanding why the changes have been made and how that impacts their services”, said Clifford Chance TMT lawyer Herbert Swaniker.
“The lesson here is that privacy and policy experts should be involved from the outset and really help users understand what the changes mean to them in practice”, he added.
In response to the uproar, WhatsApp said it was the victim of “misinformation” surrounding the planned changes and reminded users it wouldn’t be changing the end-to-end encryption of personal messages.
“We’ve reflected on what we could have done better here”, the company wrote in a blog post. “We want everyone to know our history of defending end-to-end encryption and trust we’re committed to protecting people’s privacy and security.”
Swaniker believes the backlash was “inevitable,” as users are becoming more aware of their privacy rights.
“Privacy laws like the EU GDPR require organisations to be transparent and upfront about how and why they use personal data,” he said. “The WhatsApp backlash goes to the heart of these privacy obligations, emphasising the importance of thoughtful communications around material policy changes. This requires more than simply complying with the law, organisations must respect the spirit of the law too and bring users with them.”
Despite its shift in approach, Whatsapp has already seen significant fallout since its initial announcement in January. India’s technology ministry reportedly asked the messaging giant to withdraw the planned changes, citing concerns over the data privacy of its citizens. The country is currently Whatapp’s biggest market with more than 340 million users.
Tech billionaire Elon Musk joined the fray by plugging Signal to his 42 million Twitter followers. The rival app is a favourite amongst privacy advocates as it uses the same end-to-end encryption technology as Whatsapp but collects less metadata about its users, making it better suited to people looking to prioritise their privacy. Telegram, another of WhatsApp’s closest competitors, reported 25m new downloads in the days following the announcement. The jump in usership brought the app to 500 million active users.
The flurry of criticism towards the new policy managed to unearth a truth of which many users are becoming increasingly aware: WhatsApp has been storing and sharing user data for a long time. The app’s terms of service have allowed this kind of information sharing with Facebook’s brands, including Instagram, since 2016. By using WhatsApp, you consent to sharing your usage data, your phone’s unique identifier and your IP address with Facebook. So by agreeing to the terms of service, almost all users have already agreed to their information being passed around Facebook’s broader network.
It's important to note these provisions exclude the EU. Agreements between Facebook and European data protection bodies prevent this sort of information sharing between the tech behemoth’s brands. In a sense, this could be seen as a win for EU data protection regulations, but that doesn’t mean WhatsApp has avoided being caught up in GDPR compliance cases facing big tech firms across the bloc. Earlier this year, it was announced the app could be fined up to €50m over GDPR violations. The penalty would be the largest fine under the GDPR since it came into force in 2018.
As companies including Google and Twitter continue to be fined, it appears the EU’s data protection policies are doing more to highlight what Big Tech is managing to get away with doing than enforcing stricter data privacy rules.
So, for what exactly is your data being used? The answer is simple in Facebook’s case: targeted advertising. With advertising being almost 100 percent of the platform’s revenue, it’s not difficult to see why Facebook would want to seek other ways to profit from its ad-free brands as it looks to broaden its e-commerce offerings.