New WhatsApp Policy – A Threat to the Privacy of End Users?

Published on 20 Jan, 2021

The new WhatsApp policy released in the first week of 2021 created a furor, especially among Indian users. The announcement that their data would be shared with the parent company of WhatsApp has encouraged many users to move out of the chatting app. The company specified that it is an added service for its business users, and the overall privacy of users would remain protected. Nevertheless, this policy has brought the spotlight on the lack of regulations in India and the need for stringent rules.

The popular chatting app, WhatsApp, is facing mass exodus since its new privacy policy was released at the start of the year. This policy states that WhatsApp has the right to share user data with the parent company – Facebook. Furthermore, both these platforms can share user data with companies that perform online transactions and business through the website/app. All users present on these platforms should agree to these terms and conditions or shut their accounts.

This new policy was a commercial move by the app to use the copious amounts of data under its possession. As an increasing number of users are reaching out to businesses through WhatsApp, this update would enhance their connectivity. Moreover, businesses can choose to receive secure hosting services from Facebook to communicate with their customers as an added service.

Information that WhatsApp would share under its new policy

Details that would not be shared

  • Personal chats – Personal chats of users would continue to have end-to-end encryption and remain private. The app clarifies that no personal chats or calls by users can be seen either by the app or any third party.
  • Tracking calls or records – The app would not record or listen to audio and video calls; this data would remain end-to-end encrypted, similar to media and text messages. Hence, personal messages or calls would continue to remain private.
  • Message storage – The app would not store personal chats or messages of the users or share those with third-party service providers.

Details that would be shared

  • Location – Location details of users based on their phone number and IP address would be shared by WhatsApp with Facebook and other companies.
  • IP address – The IP address of the device signed in from would be shared.
  • Phone details – Details of the phone signed in from, such as its model, battery level, signal strength, browser, mobile network, language, time zone, and even ‘International Mobile Equipment Identity,’ would be shared by the app.
  • Contact details – While the contents of personal messages are safe, details of contacts being messaged or called, chat groups, status, profile photos, and last seen online would be shared by the app.
  • Payment details – The company has specified that its payment service would process additional information through the app. This data would be shared with Facebook.

The effect
As per the policy, the messaging app would share complete user data with Facebook, which includes location, purchases history, user behavior patterns, and demographics. This would help in the personalizing content and advertisements across Facebook’s social media platforms for users. It would also help users in interlinking payment services such as Facebook Pay accounts for shopping done via the messaging app.

This move by WhatsApp is a step toward increasing its footprint in retail, aided by an increase in the need for personalized content and data integration. Moreover, social media platforms had been tracking their users’ behavior previously as well to determine patterns and reflect content accordingly.

Security concerns
The main concern faced by users regarding this policy is the fact that their data would be easily accessible to commercial users. Apart from the breach of privacy, the critical issue is that this move might ease the way for cyberattacks, allowing hackers to leak users’ personal accounts, photos, media files, bank details, and location. Hence, many users have migrated from WhatsApp since the announcement of this policy.

This policy affects Indian citizens more than those of any other country, as India’s data protection laws are not stringent. The new WhatsApp policy does not affect the European region as the European Union (EU)’s law on data protection and privacy, viz., the General Data Protection Regulation (GDPR), protects users from any issues regarding data sharing.

Limited protection is available under the Information Technology Act for Indian citizens. Hence, users do not get any relief, even on the misuse or blatant sale of their data. Additionally, very few people are aware of the privacy policies present on social media platforms, as they do not check the terms and conditions before signing up.

Need for stringent regulations
The importance of data is increasing day by day. Many companies are taking steps to commercialize their data to increase their bottom line. While companies are following some basic compliances, they do not show any real accountability for the data they are collecting. Furthermore, individuals are not completely aware of how and why their data would be used.

The GDPR in Europe has set certain guidelines that need to be followed by both the EU as well as non-EU companies present in that region. Some of its features are:

  • Informing users of the data that would be taken by the platform and taking their consent
  • Sending breach notifications to affected individuals within 72 hours
  • Making people aware of their rights and legal actions they can take in case of misuse of their data
  • Changes in corporate policies that make companies more accountable for the data they collect, along with a structure to collect fines from companies that do not toe the line

These guidelines safeguard the data of EU residents and give them the right to choose how their data should be used.

The US offers protection to its citizens from data piracy through various laws at federal and state levels. The Federal Trade Commission (FTC) has the authority to take action and enforce federal piracy and data protection regulations.

Similar to the EU and the US, India needs to increase the level of data protection of its citizens, for which it should design a framework that regulates the sharing and usage of individual data.

Indian citizens, apparently, do not consider their data to be valuable. If they had a choice to pay for a chatting service versus using an app for free in exchange of sharing their data for commercial purposes, they may choose the latter. Unlike other countries where citizens are more aware of how their data is being used and prefer to keep it confidential, Indians are more open to data sharing. As such, Indians are yet to realize the potential of their data for commercial purposes.

Although the Indian government refined the online privacy policy in 2020, it still has many loopholes. No defined regulations exist for companies to prevent them from sharing or using customer data for commercial purposes.

Currently, WhatsApp has delayed the implementation of its new policy for a few months post the mass uproar against their move. It is yet to be seen if WhatsApp will likely lose its popularity or continue to rule the roost once the new