What’s new in the “new” WhatsApp policies?

Bruchou & Funes de Rioja - February 1, 2021
Intellectual Property, Privacy, New Technologies and Legal Advertising

On January 6, WhatsApp announced to its users that the service privacy policy was going to change. More than two billion netizens were compelled to accept the new conditions before February 8 or to renounce the use of the application entirely. Critics didn’t take long: both in the press and on social networks, WhatsApp and -more in general- the Facebook Group[1] were harshly questioned, not only because of the binary all-or-nothing mechanism used to obtain the users’ consent, but because – presumably – the new policy brought about an unjustified advance on personal data and privacy. In the weeks that followed, thousands of people around the world migrated to alternative applications such as Telegram and Signal, some of them following the recommendations of experts and public figures. Even some data protection authorities in Latin America and Europe have made statements about the new WhatsApp policies and initiated administrative actions. In India, for example, the Ministry of Electronics and Information Technologies has required the company through a formal letter to definitively desist from the announced changes.

In response to the questions, the negative repercussions that the news had worldwide and in the face of the danger of a massive loss of users, WhatsApp decided to delay the implementation of the new privacy policy until May 15 of this year. At the same time, the company issued two press releases in which it attempted to further explain the highlights of the update. Attributing most of the criticism to rumors and misinformation, the company said the changes provide greater transparency on how the app processes user data. Furthermore, it explained that the update details new optional features that will be enabled soon in WhatsApp, related to online transactions and electronic payments.

In the midst of the crossfire, it is important to analyze in detail the changes that would take place as of May 15, 2020 in the policies and operation of WhatsApp:

  • Additional purposes of personal data processing: in its previous privacy policy, WhatsApp acknowledged that it would only process users’ personal data to provide the messaging service. In the new policy WhatsApp adds that it will also process personal data to improve, understand, personalize, sustain and market its service.
  • Optional features : in the new policy, WhatsApp establishes that some optional features -such as, for example, sharing geolocation- require additional data processing. However, the optional features are not listed in detail.
  • Cell phone contacts : the new policies establish that the user can upload – if allowed by the applicable laws of their country – phone numbers to contacts on a regular basis. If any of the contacts are not using WhatsApp yet, the information will be anonymized.
  • Commercial features and payment privacy policy : the new update will allow users to buy and businesses to sell products and services on WhatsApp. For this, the company has developed a special privacy policy, applicable to payments through the application. Broadly speaking, this policy establishes that data relating to transactions and payments will be processed in order to complete operations and that this information will also be stored for legal reasons, in order to prevent fraud and scams. Likewise, the payment privacy policy establishes that the users’ commercial information may be shared with financial institutions and with other companies of the Facebook Group. Businesses operating on WhatsApp may also provide additional information to WhatsApp about users, as long as it is legal. Finally, each business could have its own privacy policy, which must be reviewed by users.
  • Time, frequency and length of conversations : in its new policy, WhatsApp points out that it processes data related to the time, frequency and length of conversations or messages from its users.
  • Various user data : according to the new policy, WhatsApp will process metadata related to the functions of the service used by the user, such as messaging, calls, the user’s status, the groups that they integrate (including the group name, group image and group description), profile picture, “about” information, online or offline status of the user and when the user last used WhatsApp. online offline del usuario y cuándo el usuario utilizó WhatsApp por última vez.
  • Geolocation : In its new policy, WhatApp declares that it collects precise location data with the user’s permission when the user chooses to use geolocation-related functions, such as when they decide to share their location with their contacts or view nearby locations. However, WhatsApp points out that, even if the user does not use location-related features, the company collects IP addresses and other information such as area codes from phone numbers to estimate their general location (e.g. city and country where they are located).
  • Personal data storage : in the new policy, WhatsApp declares that it will store users’ personal data for the time it deems necessary to fulfill the purposes explained above. According to the company, the storage periods are determined on a case-by-case basis. The criterion is fundamentally discretionary.
  • International transfers and data storage in various jurisdictions : WhatsApp’s new policy states that when sharing data with other Facebook Group companies – a practice that began in 2016 – information is transferred and then stored on servers located in different countries, which have different data protection laws. The list of countries where the information might be stored is not available.

In short, the update of WhatsApp policies does not have the scope that its worst critics announce, but it is not an innocuous reform, limited to business features, as WhatsApp has intended to publicize. The changes make something that has been known for years clearer and more transparent: that the application is a data-driven, business, whose profitability depends on extracting as much information as possible from users and then selling them targeted advertising through Facebook Group platforms and services. It is true that conversations are end-to-end encrypted and, as far as we know, their content would be inaccessible even to WhatsApp. But the metadata of those conversations – as is now clarified with precision in the privacy policy – are processed for profiling and targeted marketingIn other words, the users’ location, their contacts, the hours in which they connect and disconnect, the frequency and length of their conversations, the groups they integrate, their IP address, their electronic transactions, the device they use, their photo, status and many other categories of information are processed to build a user profile, to which own or third party products and services can be offered in a customized way.

There is no doubt that the changes in the policies provided an opportunity for users, the press and also specialists to read more critically the operation and business model of WhatsApp: a service that is free when measured in pesos or dollars, but that has a cost when the measurement unit is user privacy.

[1] We recall that on February 19, 2014, Facebook Inc. announced the purchase of the instant messaging service WhatsApp for USD 19 billion.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/2″][vc_hoverbox image=”6671″ primary_title=”” hover_title=”DámasoPardo” hover_btn_title=”Read Profile” hover_btn_color=”sky” hover_add_button=”true” hover_btn_link=”url:https%3A%2F%2Fbruchoufunes.com%2Fprofesionales%2Fpardo-damaso-a%2F|||”]
Socio | Partner
[/vc_hoverbox][/vc_column][vc_column width=”1/2″][vc_hoverbox image=”6670″ primary_title=”” hover_title=”Paula Fernández” hover_btn_title=”Read Profile” hover_btn_color=”sky” hover_add_button=”true” hover_btn_link=”url:https%3A%2F%2Fbruchoufunes.com%2Fprofesionales%2Ffernandez-pfizenmaier-paula%2F|||”]Socia | Partner