WhatsApp Privacy 2021
Most important information about WhatsApp and privacy
- WhatsApp is a messenger service that has been part of the Facebook group of companies since 2014.
- About 81 percent of German Internet users also use WhatsApp
- Even if these are mainly not to affect private users in the EU, experts expect encroachments on privacy.
- The Hamburg data protection commissioner ordered a ban on the processing of user data by Facebook, an EU-wide approach is being clarified
Content on WhatsApp & Privacy:
Adjustment of the WhatsApp guidelines 2021
The messenger service WhatsApp has updated its terms and conditions, which came into force on 15 May 2021. In order to continue using the full functionality of WhatsApp, users must agree to the changes. However, this consent also means that data will be transferred to Facebook.
What exactly has WhatsApp adjusted?
According to the statements of WhatsApp, nothing wil change for users in the EUwho use the messenger for exclusively private communication. This is only partially true, because private users could also be shown more personalised advertising on Facebook and Instagram after agreeing to the changes. The question of why private users still have to agree to the new conditions, WhatsApp justifies with the fact that they could decide in the future to extend the exclusively private communication to the communication with companies.
The new business functions include the following functions:
- Enabling customer service: Chatting with the company, offering secure hosting services through Facebook.
- Discover companies: Button in Facebook or Instagram ads with which message can be sent via WhatsApp, consequently users receive personalised ads
- Shopping experiences: Integration of Instagram and Facebook shops into the WhatsApp company profile.
WhatsApp receives criticism for adjustments
The Hamburg Commissioner for Data Protection and Freedom of Information issued a Order prohibiting further processing of WhatsApp user data by Facebook. However, this order only applies to German users and is valid for three months due to the urgency procedure. A decision at European level by the European Data Protection Committee (EDPC) is being clarified.
Current status and implications for users
At the beginning of 2021, WhatsApp communicated that users must agree to the new guidelines. If users do not agree, WhatsApp announced that it would first permanently display the consent notice and disable access to chats. Users would then only be able to accept voice and video calls and read messages via notifications. These limited functions should be gradually turned off.
These moves were not only badly received by privacy regulators, but also by users. The download numbers of messenger alternatives, such as Signal and Telegram, increased rapidly. As a result, WhatsApp announced that users should not expect any restrictions for the time being, should they not agree to the new terms. Currently, the messenger service is in consultations with authorities to clarify the further procedure.
WhatsApp use in the private sphere
What does this mean for private individuals in terms of data protection? The processing of personal data requires according to General Data Protection Regulation (GDPR) the consent of the persons concerned. This fact does not apply under certain conditions. Should personal data of natural persons be processed for the exercise of exclusively personal or family activities, no consent of the data subject is required.
WhatsApp has been part of the Facebook company since 2014. What does that mean?
In concrete terms, this means that Facebook has access to certain data that is collected by WhatsApp. Even if the person whose data is collected does not use Facebook itself. In some cases, it is possible for users to restrict access to certain information, but this results in usage restrictions.
WhatsApp use in the company
Can WhatsApp be used on the service phone?
WhatsApp cannot easily be used on the service phone. This is because even in this case, personal data stored in the address book of the smartphone is passed on. Although this is unproblematic for users who already use WhatsApp (the company can already access the data), data is also transferred to WhatsApp from people who do not yet use WhatsApp. The transfer of this data is a violation of data protection and can be punished with fines.
WhatsApp and customer contact: allowed by data protection laws?
If a company wants to contact customers via WhatsApp, this is only possible if the consent of the data subject is obtained and a contract is drawn up between WhatsApp Inc. and the company. Otherwise, the use of the messenger service is not legally permissible and violates the provisions of the General Data Protection Regulation. If even one person from the address book objects to being contacted via WhatsApp, WhatsApp's automated access to the contacts in the address book is no longer permitted. Unless this contact is deleted from the address book. Accordingly, the use of WhatsApp in the corporate environment and in relation to compliance with the requirements of the GDPR very critical.
Measures that support data protection when using WhatsApp
Users of WhatsApp can ensure a certain level of privacy through certain settings in the end devices or in WhatsApp itself, for whom this is not enough should switch to alternative messenger services such as Signal or Telegram.
Settings on the mobile device or in WhatsApp for private use
The following Access to information can be restricted in the settings of the end devices or in the settings of WhatsApp:
- Status "Last online": The status of the WhatsApp user can be turned off in the settings of the app itself, under "Account" in the "Privacy" section. This means that contacts can no longer see when you last used WhatsApp.
- Location information: In the settings of the respective terminal device, access to the current location can be restricted or switched off completely.
- Contacts in the address bookIn the settings of the respective terminal device, access to contacts in the address book can be restricted or switched off completely. However, this has the consequence that only the number of the contact is visible in the WhatsApp chat and you yourself can only reply to incoming messages. It is no longer possible to make contact on your own initiative.
- Read display for messages: The display of the checkmarks when sending messages exists since 2014 and can be deactivated in the app's settings. Deactivating your own status means that you can no longer view the status of other WhatsApp users.
- A grey tick: the message was successfully sent
- Two grey ticks: the message was sent and received by the recipient
- Two blue ticks: the recipient has read the message
In general, it is not recommended to communicate sensitive data via WhatsApp.
Measures for companies to use WhatsApp in a GDPR-compliant manner
In any case, companies should use the WhatsApp Business API and implement the following measures to act in compliance with the GDPR:
- Coordinate the use of Whatsapp with the data protection officer
- Order processing contract create with WhatsApp
- Create processing activities in the register of processors
- Observe the corresponding deletion periods and store them in the deletion concept.
- Add WhatsApp to information requirements and make available to customers
- Obtain the consent of the user
- Ensure that no data is transferred to WhatsApp
- Store processed data on German servers
- Develop and implement roles & rights system for employees
Switch to other messenger services
Even though WhatsApp is undoubtedly one of the most popular messenger services, there are alternatives. These have become increasingly popular since the changes to the usage and privacy regulations became known.
Data protection experts recommend the messenger Signal in particular, as it is open source and relies on end-to-end encryption; contacts are also only synchronised anonymously and metadata is hardly ever stored. Signal also offers the function of making encrypted calls or blocking chats with a PIN code.
Other alternative messenger providers are Telegram, Threema or Wire.