WhatsApp with data privacy?
By Dzof Azmi May 21, 2021
- Rescinds ultimatum related to terms of service after public outcry
- "Data protection laws still playing catch up", common middle ground
If you are one of the estimated two billion WhatsApp users in the world, you might be able to breathe a temporary sigh of relief. Originally, the messaging company set a deadline of 15 May 2021 in their ultimatum for users to either accept the company's new terms of service, or lose access to its main features.
Now, the company says, "No one will have their accounts deleted or lose functionality of WhatsApp on May 15th because of this update".
When WhatsApp announced in early January of this year that they were changing their terms of service, some felt that it was an attempt to railroad users into giving permission to let their data be shared beyond WhatsApp, with the family of Facebook applications, such as Instagram and Messenger.
It generated an uproar from users, to the point they were discussing how to migrate to other apps such as Telegram and Signal. However, this issue is only part of a larger one on privacy, and who determines what is suitable.
Kevin Shepherdson (pic), CEO of Straits Interactive, a company specialising in data privacy and protection for businesses, says there is much misunderstanding and miscommunication, and that users will do well to better understand the privacy concerns not just of Facebook and WhatsApp, but of almost every other software and app they use.
Ironically, he feels that Facebook's announcement was the company's attempt to be more transparent with their terms, and that they are well aware of their "less than stellar reputation" for personal privacy.
However, instead of assuaging suspicion, the announcement instead focused the spotlight, and created a backlash.
All in return for a "seamless user experience"
Shepherdson says that one misunderstanding was that Facebook will be able to read WhatsApp messages between users. In fact, WhatsApp has been assuring their customers that, "Personal messages will always be end-to-end encrypted, so WhatsApp can’t read or listen to them".
Instead, the new updates are intended to allow businesses to provide WhatsApp with information on how they interact with their customers on the platform, all in the name of a "seamless user experience".
"The intention of WhatsApp was to integrate it with the Facebook family of products," said Shepherdson. For example, a merchant might have a WhatsApp button on his Facebook page, which when clicked would start a WhatsApp session.
"Obviously, the data about you as the user in your transaction has gone to the merchant because he needs to know who you are," said Shepherdson. "So, in that short interaction session, information is being exchanged."
Indeed, WhatsApp has confirmed in a blog post that they do intend to offer more services for business users, such as allowing shopping through chat, and managing WhatsApp messages on their Facebook page, for example.
Shepherdson also says that any discussion about how companies use private data should go beyond WhatsApp. "In any event, it is not only Facebook and its group of companies that does it," he says. "Every online business and mobile developer that provides a product or service free of charge is actually doing this with the good intentions of enhancing your customer experience while monetising your personal data."
Pushback from regulators and app ecosystems
One group of users that do not have to worry about how the new terms of condition will affect their privacy are those based in Europe. For the time being, Whatsapp will not share personal information with Facebook for those users, as a result of "discussions with the Irish Data Protection Commission and other Data Protection Authorities in Europe."
Privacy in Europe is seen as a human right, and the European GDPR has for years been touted as the "gold standard for data protection regulations". Although there have been difficulties in implementing the regulation, its presence has meant that companies have to think twice about how they handle personal data in that region.
Some parts of the private sector have also taken note of the mood and attempted to allay potential consumer fears by promoting transparency.
For example, Apple is now touting a "privacy nutrition label", where developers are encouraged to disclose what kinds of personal data are being shared and how. Google has taken note of the user-friendly format used and has announced that they will launch something similar, making it easier for users to decode how their data is being shared. However, while Apple's scheme is voluntary, Google says their initiative is a requirement.
Apple has also launched "App Tracking Transparency", which lets users control which apps are allowed to track their activity. Since its launch, it has been reported that only 11 percent of users worldwide have chosen to allow apps to track them.
Improvements in Southeast Asia
Although it is encouraging to see companies begin to voluntarily take responsibility, it is clear that governments and regulators have a role to play in curbing what is perceived to be private sector overreach.
"Clearly, governments are taking ethical and consumer concerns into consideration when pushing back against Facebook," says Shepherdson.
His company, Straits Interactives, is one of several entities that have been asked to provide input to Malaysia's attempts to amend the Personal Data Protection Act (PDPA) in order to align it with the GDPR.
He points out that many countries, including Singapore and Malaysia already have notification obligations in their personal data privacy laws, but there is still much work to be done. "Data protection laws are still playing catch up," he says, but at least countries like Indonesia, Thailand and the Philippines are looking to put into place laws this year that require organizations to put in place a data protection officer specifically to address the issue.
"What is more scary is that many companies do not share what exactly they do with personal data they collect," he admits. "Perhaps, transparency as a mandatory requirement of all data protection laws is intended to be the middle ground. However, it is hard to predict when a middle ground that will satisfy data-privacy advocates will appear."
Indeed, although WhatsApp assures they will not delete accounts nor hamstring features for users who don't accept their terms, they will continue to send "persistent" reminders to these users, and go from "take us or leave us", to "take us, take us, take us…" ad infinitum until you give in.
Shepherdson ends by cautioning, "As the saying goes, 'if the product is free, YOU are the product.”
Related Stories :