“If you are an existing user, you can choose not to have your WhatsApp account information shared with Facebook to improve your Facebook ads and products experiences.”
This was, for a brief period, the fine print in WhatsApp’s privacy policy. Now, it is nowhere to be found.
WhatsApp, a messaging app launched in 2009, was bought by Facebook in 2014. On the surface, users would come to find ‘from FACEBOOK’ stated on the app. But that was not the only change. Since then, many privacy-concerned users have wondered exactly what information WhatsApp shares with Facebook. When the integration happened, WhatsApp’s founder Jan Koum said the platform “will remain autonomous and operate independently”. Since then, he and the co-founder, Brian Acton, both have left the company and looks like so has this commitment.
On 4th January this year, WhatsApp came out with a change in its privacy policy and gave its users an ultimatum – accept the policy and enter the Facebook bandwagon, or be kicked out of the platform on 9th February. This put the platform under the spotlight. Many were quick to point out that the tagline, ‘Respect for your privacy is coded in our DNA’, had disappeared from WhatsApp’s privacy policy page.
Among the unending stream of terms and conditions one accepts daily, why should one be concerned with this particular pop-up? The short answer is because it concerns Facebook and a further concentration of power.
WhatsApp started out as a “no ads, no games, no gimmicks” platform. Its founders were strictly against any ad-targeting, which meant minimal data collection. This is quite in contrast to the Facebook model, which monetises on ads that are driven by the collection and usage of a lot of user data. No wonder the founders left (having disagreements with Zuckerberg’s plans for WhatsApp). Unfortunately, while they saved themselves from violating their personal ethics, they sold us off, and we are left now to deal with the baggage.
WhatsApp-Facebook Merge Thickens
Around this time last year, news broke that Zuckerberg was planning on merging WhatsApp, Facebook and Instagram (which it had also bought in 2012). With that announcement, people’s fears about a Facebook domination were becoming real.
It was and still is confusing as to what this merge means, but the claim is that it would enable people to easily switch from one platform to another. But what does that really achieve? The argument of ‘ease for the user’ seems to be paraded as a blanket justification for all tech companies’ measures for their own commercial gain. The merge very much benefits Facebook since it would be able to accumulate users from all the other platforms, which were intense competition to it before it bought them off.
What has changed (and not) and why it matters?
The change in WhatsApp’s privacy policy now is in itself not a mammoth event. But, put that in context with the integration measures that have already been initiated and Facebook’s future plan with these apps, and it becomes seriously dangerous.
As a justification for privacy concerns, WhatsApp’s current head Will Cathcart keeps pointing to its end-to-end encryption feature. End-to-end encryption ensures that WhatsApp or any third party cannot read the messages that are sent. But what WhatsApp conveniently does not address is its collection and sharing of metadata with Facebook. Metadata is simply other kinds of data that surround your app use – this is data that describes the texts (media) you send and receive. While these are not the texts themselves, this form of data is far from insignificant.
In a Twitter thread on the issue, Cathcart said that the policy update “does not change WhatsApp’s data-sharing practices with Facebook”. This could mean either of two things: that WhatsApp was already sharing metadata with Facebook and therefore this particular update changes nothing (basically, user data already compromised), or that, WhatsApp is lying or at least misconstruing the facts (so by ‘data’, Cathcart is avoiding talking about the case with metadata).
(Image of the tweet by Cathcart/ credit: Manasa Narayanan)
To have more clarity on the sheer amount of user information collected, one could look at the list given in the privacy policy statement. It includes data on:
- usage – when you interact with other people and businesses, “the time, frequency, and duration of your activities and interactions”, date of registration, “features you use…messaging, calling, Status, groups (including group name, group picture, group description)”, payment-related information, profile information which includes your “photo”, “about information”, “whether you are online”, “your last seen” and more.
- device – “hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information including phone number, mobile operator or ISP, language and time zone, IP address.”
- location – even if you do not use location services and turn off location sharing, it collects location details using your IP address
Another point to be noted is to do with third-party information sharing. If you connect to WhatsApp via Facebook or any third-party app (by clicking on WhatsApp share button), that data would be collected. Giving an example the platform says that “if you use the WhatsApp share button on a news service to share a news article with your WhatsApp contacts” it will be recorded. So, a user’s sharing patterns, in terms of the particular articles they chose to share, with whom and when, can be very easily found out. This just goes to show that metadata can be very revealing and should be protected too. Such information can be used not just for commercial ad-targeting but also political ad-targeting.
The list above is simply overwhelming, and I have still not mentioned all the data that is being collected. While the company does list these, they do not explain why they collect this information – except for stating that it is for safety and security reasons (in a rather ambiguous write-up under ‘How We Use Information’).
The ‘why’ question is important because when we take a look at other messaging services like Telegram and Signal, they collect a lot less data on their users and yet manage to provide efficient services. This means one does not really need so much user data to run the platforms. Cathcart’s continued statements on building WhatsApp’s business capabilities and Zuckerberg’s keenness on integration, ad-targeting and revenue generation could only mean that this data is collected to be exploited for commercial gains.
At this point, there is also confusion over what these policies mean in the EU (and the UK) as opposed to other parts of the world. While Facebook has come out with a statement saying that the new policies would not affect EU users (given EU’s General Data Protection Regulation), the actual policy statement that WhatsApp has laid down for its EU users says the contrary – that their data could be used by Facebook services.
A Dangerous Info-Communication Monopoly in Making
The move is not only worrying in terms of its implication for user privacy – that has been compromised for quite some time now. It is especially worrisome because of the monopoly powers it gives Facebook in the information-communication space. The integration measures could give Facebook unlimited access to users and their data from all three platforms. Facebook already has a lot of power in controlling the communication channels. This would mean that its power would become even more gigantic.
Challenging this monopolisation, Facebook was slammed with antitrust lawsuits by the Federal Trade Commission (FTC) in early December last year, for its moves in killing competition (basically buying off Instagram and WhatsApp). But this seems to have come relatively late given it was allowed to buy the companies in the first place. The lawsuits aim to break the monopoly which would be some respite for users (in terms of concentration of data and power). But that in itself does not guarantee data protection as well as fair data use.
At the moment, given WhatsApp’s pushy move, several users are considering switching to alternative texting services. These seem to offer better privacy protections, but that is no permanent solution to our data collection, protection and usage issues. If the Facebook-Cambridge Analytica Scandal has to teach us one thing, it is that we need robust mechanisms in place that regulate how for-profit companies collect and use our data.
Header image credit: Chesnot/ Getty images