In summary, Whatsapp will share personal information and data of users with Facebook, in order to mainly improve advertising related revenue channels. For enterprises which use Whatsapp for business purposes these changes of terms have critical consequences.
We have written of the disadvantages and damages of Whatsapp for business use in the past, and suggested to look for a dedicated mobile business messaging app in order to ensure company-wide security, strong data protection and maximum productivity. However, we believe the new changes of the terms of Whatsapp should now make every enterprise seriously considering to stop using Whatsapp for business purposes, if an enterprise wants to avoid damages to and sharing of employee, customer and partner data with Facebook.
WhatsApp new terms in a nutshell
Simplified the new terms allow Whatsapp to share all data of a user with Facebook. While a similar clause has existed for some time, the possibility for a user to opt out of sharing data with Facebook now disappeared. Now Whatsapp may exchange user data like the telephone number, contacts of the address book, transaction information and/or communication data with Facebook and all its subsidiaries (like e.g. Instagram).
Sharing of phone number
Initially Whatsapp will share the phone number and personal information of a user with Facebook. This data should be primarily used to show more relevant advertisement and probably to make tracking of users easier. Since Whatsapp is starting to generate revenue by allowing businesses to message and chat with its user base, the data helps for the identification of users and enabling businesses to easily connect with them across all Facebook platforms and services.
Sharing of address book
In a second step it is quite likely that Whatsapp will share the address book of a user with Facebook. The address book of a user gives an overview of who your family, who your friends are, who you are working with, who your customers and partners are, etc. Whatsapp has also information about a user’s communication behavior like with whom you are communicating with, how often you message, at what time of the day you chat, etc. Even without access to encrypted messages, these two data sources enable a pretty good understanding of a user’s life, interests and habits. The address book alone is a very powerful data source for all kind of advertising revenue, marketing activities and also completely new business models. Whatsapp has access to a user’s address book (it is required to use the service) and all the user’s contacts are already stored on the servers of Whatsapp. Based on the new terms Whatsapp is allowed to share the address book with Facebook.
Sharing of media files
A closer look at the terms also raises questions about the rights of messages and digital content. Under the terms the user grants Whatsapp a free license for all information and media sent, received, uploaded and stored with the app. While it is not clear what this clause is for, effectively it gives Whatsapp the right to do with a user’s data and content anything it wants. Besides this license can be transferred to Facebook and its subsidiaries. Overall, these uncertainties are clearly not the best role model for the privacy of users.
Delay in WhatsApp new term effectiveness
Many users have complained about the new terms and the consequences. To avoid misunderstandings and increase transparency Whatsapp now has delayed the effectiveness of the new terms to 15th May 2021. However, if user wants to continue to use Whatsapp, she/he is going to have to accept the new terms latest at this date.
It is clear that in general personal data is confidential and should be protected. In the case of a consumer who does not need to pay for Whatsapp, the “payment” comes in form of weak data protection and allowing the use of personal data for advertising reasons. The consequences can be negative, but this is a personal decision that a consumer has to make. However, in the cases of a business user or an an enterprise using Whatsapp, this kind of “payment” is not acceptable, since employee, customer and partner data is at tremendous risk. This highly sensitive data needs to be strongly protected, in order to prevent significant damages and costs from a business, customer, legal, compliance and competitive perspective.
GDPR compliant – Yes, No, Maybe?
The use of Whatsapp for business purposes has never been in compliance with the GDPR. The most cited issue here is the uploading of the address book without approval from all customer contacts, which can lead to significant fines under the GDPR. However, there are other potential critical GDPR issues as well: The storage of data outside of Europe, no control over customer data, and no possibility to fulfil GDPR requirements like right to access or right to be forgotten. With the new terms of Whatsapp these issues are becoming even more severe.
Those businesses, who believe the use of Whatsapp as part of the shadow IT is a minor misdemeanour, should be informed that there have been several GDPR fines for the usage of Whatsapp for business purposes in Europe already. So far the highest fine was €150.000. Theoretically for breaching the GDPR an enterprise can be fined up to 4% of its yearly revenue or a maximum of €20 million.
Apart from the GDPR issues a business has no control and no protection of confidential customer data, know how and intellectual property, which might be communicated and shared via Whatsapp. The potential loss, leakage or damage of such information can be equally high.
WhatsApp is not made for business utilization
Enterprises should make no mistake: Currently we just see the beginning of Whatsapp using and sharing personal data for business reasons. Whatsapp will continuously increase data sharing and accessing over the next years. If enterprises don’t take measures quickly, they risk that confidential data of employees, customers and partners is used for unintended purposes by Whatsapp. It should also be clear, that once this has happened, it cannot be undone.
The consumer business model of Whatsapp is in conflict with data protection interests of enterprises. We strongly encourage businesses to switch to a dedicated enterprise messaging app in order protect corporate data and avoid substantial damages.
We are here for you