The change in Whatsapp privacy policies has created an uproar around the world. Top names around the world like Elon Musk are voting for alternative messaging apps that are more private. Even the government of India has asked WhatsApp to roll back the changes.
Is it really that worrisome? Is it time to delete WhatsApp?
What Are the New WhatsApp Policy Changes?
WhatsApp made key changes in three areas-
• How it processes your data
• How businesses can use Facebook hosting to manage their WhatsApp messages
• How WhatsApp shares data with Facebook
WhatsApp made a similar attempt in July last year. However, users had the option of not sharing their WhatsApp data with Facebook. But this time you don’t have a choice. Either you have to accept the changes or stop using WhatsApp.
However, as we told you earlier, the changes are on hold. WhatsApp has decided to extend the deadline of accepting the changes and put up a long FAQ page. WhatsApp says they don’t read messages or listen to your calls as they are end-to-end encrypted.
Whether encryption can protect your messages is a different question. We have already witnessed many leaked WhatsApp messages over the years. But we will talk about that another day and focus on our topic at hand.
We will try to note down the factors that raise questions about WhatsApp’s new policies. Our analysis will take cues from data protection experts and lawyers to give you a better idea of things. The main concern is about your personal data and it being shared with Facebook. So, here is a look at the data WhatsApp collects from any user.
Data Collected by WhatsApp
The Indian Express checked out the data collected by WhatsApp. You can also download your collected data by going into your WhatsApp account settings. Here is what WhatsApp collects and processes-
• Your name, phone number, and profile picture
• Details about your device
• Your contacts
• Name of groups you were/are part of
• Time spent online and last seen
• Your WhatsApp status
• Copy of settings
• Timing of status and profile picture change
WhatsApp may choose to share these pieces of information with Facebook for marketing and improving their services. You will not have any option but to agree if WhatsApp pushes through the policy changes.
However, WhatsApp has said it doesn’t share your contacts with Facebook. Additionally, the changes will not add any more data that to the list that WhatsApp already shares with Facebook. The messaging service also clarified a few more points-
Now, let’s explore some problems that experts have pointed out about the proposed changes.
Changes Not in Line with International Data Protection Laws
While WhatsApp is trying to mandate the changes in India, it isn’t that successful in other parts of the world. The EU is a place where data protection laws are highly practical and reliable. WhatsApp is not going to update its policy in the EU.
This has made even the government of India raise questions about the changes. It has asked for clarification from WhatsApp to explain its data policies. The government specifically asked why India should accept the changes while the EU is exempt from it.
India is still without a data protection law and can suffer more due to the privacy changes.
Changes Violate Indian Data Protection Bill 2019
The Data Protection Bill 2019 is India’s step toward protecting the rights and privacy of the citizens. The recent WhatsApp changes may violate the bill or the recommendations of the Srikrishna Committee Report.
For example, the changes may violate the clause of restricting user data within the country. Sharing information with Facebook and businesses may send your data overseas.
WhatsApp Shares Your Metadata
WhatsApp has made it clear your calls or messages are safe and encrypted. They are not reading your messages and nor is Facebook. However, WhatsApp shares your metadata.
Metadata is used to provide the context of a page or content. Your metadata can give someone a complete picture of your online activities. These metadata or insights into your online behavior may be available to businesses.
Obviously, many of us will not like that. We may not want what we do online to be revealed to any other party.
Problems with WhatsApp New Changes
India without data protection laws may find it hard to pinpoint the concerns around the new changes. However, pitting them against the EU’s GDPR gives us an idea of what to expect. Surprisingly, a lawyer’s account found many glaring inconsistencies when the changes are seen against GDPR laws.
Let’s try to sum them up-
WhatsApp May Process Additional Data
WhatsApp may process data that it may not collect. For example, your contacts using WhatsApp will automatically load up on your app once you install it. If you add any new information to your contacts on your phonebook, they show up on WhatsApp, like name or address.
Now, WhatsApp needs to process the data in your contacts to add it in the app. So, addresses, alternative phone numbers, emails, and anything you add may be available to WhatsApp.
However, WhatsApp has said they don’t share contact information with Facebook. They only use the mobile numbers to connect you quickly with your contacts.
Objections on Identifiable Data
WhatsApp scans your contacts for people who use the app. In the process, it may also scan the contacts that don’t use WhatsApp. Plus, any additional information n your phonebook may be available to WhatsApp.
Some of these information may contain details to identify a person. Phone number, email, landline number- many such details can be used to identify a person.
Now, your phone contacts who don’t use WhatsApp have never agreed to share any data with the app. However, their information may still reach WhatsApp or Facebook through you. So, there are two concerns here-
• Sharing data of people who don’t even use WhatsApp
• Likelihood of sharing of identifiable information
WhatsApp, however, clarifies that it makes information anonymous for contacts who don’t use the app.
Unlawful Data Processing
GDPR also lays down the rules on how businesses or apps can process user data. WhatsApp’s data processing throws up many questions when assessed against GDPR. They may process data of contacts in your phone without proper consent.
Specifically, the data processing by WhatsApp seems to violate six criteria laid by GDPR-
• Gaining due consent
• Data not required for the performance of any contract
• Data processing not necessary to meet any regulations
• It is not required to protect anyone’s interest
• It is not done in the public interest
• There is no legit interest in processing the data
According to experts, the data processing by WhatsApp is surely against the EU’s GDPR. The app may process data of people who don’t even use it. They have not given any consent, nor can WhatsApp show any credible reasons if challenged in court.
What If I Delete My WhatsApp Account?
Deleting your WhatsApp account will remove the following from your phone and servers-
• Your account information and display image
• All your groups
• Message history
WhatsApp may retain some information even if you delete your account. It is also not clear what information it may retain. For example, WhatsApp doesn’t say whether it deletes your contacts if you delete your account.
Some of your data may still do the rounds even if you remove your account.
Should You Worry Over WhatsApp Changes
People who use WhatsApp to stay in touch with family and friends may not worry. WhatsApp has clarified the changes don’t affect anything for people like you. WhatsApp may be alright, and you don’t need to switch to Signal or Telegram.
However, you might want to keep a tab on communications with businesses. You might see ads on your Instagram or Facebook related to businesses you communicated with on WhatsApp. The messaging app may also move towards banner ads in the future. But that is not a matter of concern for now.
You can chat and call on your WhatsApp if you use it for personal purposes. You can safely call and chat with your friends and family. It’s unlikely anyone will eavesdrop on your messages if you’re specifically not a target.
We will have to wait and see how things turn out as the government is now involved. India should also try to work on a reliable data protection law like GDPR. Then privacy policies like these won’t apply to Indians and put them at risk.