Privacy paradox and Whatsapp's new Privacy Policy 2021

 

People say that they have high regards and value for their privacy but often get lured to give away personal information for some small discounts or benefits and many times for nothing at all. This phenomenon is known as the " Privacy Paradox". However, Prof. Daniel Solove of George Washington University Law School argues that ' Privacy Paradox is a myth.' He concludes that privacy law should focus on regulating the architecture that structures the way information is used, maintained and transferred. [1]  

This has wide-ranging relevance in this context.

• So, What's the big change in Privacy policy of WhatsApp that's causing a hue-and-cry ?
  

The update in privacy policy primarily revolves around how users interact with businesses on WhatsApp. So, from 15th  May 2021 onward, user's chats with businesses having Facebook as their technology/ hosting / data processing services provider, can be used by Facebook for various marketing purposes which may include advertising on Facebook. For instance, your flight information, transactions details that you have shared with your Airline's Whatsapp Business account, nature of financial products/stocks bought through your stockbrocker's Whatsapp Business account or your holiday plans that you might have shared with your Travel planner's Whatsapp Business account can go into the hands of third parties.

•  Which privacy features remain unchanged ? 
  
  WhatsApp has clarified that private messages to friends, family, co-workers, etc. remain end-to-end encrypted and can be seen by the end-users only. Location sharing feature is also end-to-end encrypted to the person with whom location is being shared. So, threats to your personal space are less in using WhatsApp unless someone hacks your phone or WhatsApp itself collects and tracks other associated unencrypted data (e.g, the metadata) behind the door and utilizes them in an undisclosed way !                                               
  

• What sort of details are currently being shared by WhatsApp with Facebook ?                 

           Account registration information (your phone number), transaction data (it’s started with the introduction of payments feature), mobile device information, service information, diagnostic information, IP address.

• What if a user doesn't accept the new privacy policy ?

            If the new privacy policy is not accepted by you till 15th May 2021, WhatsApp will not delete your account. However, you won't have full functionality of WhatsApp until you accept. For a short time, you'll be able to receive calls and notifications, but won't be able to read or send messages from the app.

•  So, what alternative options do we have ?

         Signal Messenger by non-profit Signal Foundation and Telegram by Telegram FZ LLC are strong contenders to Whatsapp. 

 

Source: Web Share

 

The above data clearly highlights to what extent our personal data can be accessed by these apps.

Now, here we come up with a brief comparison of the three apps from the security, privacy and utility aspect :-

 

As evident from the above comparison, on the privacy and security front, Signal scores higher than WhatsApp and Telegram. In WhatsApp chat messages are end-to-end encrypted but it logs a significant amount of metadata in its servers (that is mentioned in the previous info-graphics: What data each app collect from your phone?) , but in Signal, in addition to chats being end-to-end encrypted, a significant amount of sender's metadata is also end-to-end encrypted through the 'Sealed Sender' feature. Further, metadata logging is minimal, limited to the one's that are essential to run the service.

Chat back-up is much more secure in Signal which can be stored in local device in encrypted form, whereas in both WhatsApp and Telegram chat back-up is stored in cloud and is not encrypted.

The source code of both Telegram and Signal being open-source lend a higher credibility being available to software developer's and cyber security experts around the world for public scrutiny rather than WhatsApp which has closed-source code.

Coming to the utility aspect, WhatsApp outscores the other two with some unique features like Status feature, ergonomic cloud back-up, rich repository of  sticker and emoji packs and of course a huge user base. However, many other essential features as evident from the comparison table above are almost the same for all 3 apps.

• The Controversial, Discriminatory and Unethical aspects :

      1. The proposed privacy policy doesn't have any opt-out option , if one doesn't agree to WhatsApp policy of sharing personal data in business chats for use by Facebook for marketing purposes where Facebook is chosen as stakeholder by the concerned businesses, WhatsApp will simply deny its services to the user, which is outrightly unilateral.

  

      2. Sheer discrimination and double standards lies in the fact that European Union (EU) users enjoy the opt-out option for denying their personal information to be processed for marketing purposes owing to the stringent General Data Protection Regulation (GDPR) in EU. In essence, WhatsApp is exploiting the vulnerability and void created due to lack of Data Protection Law in India.

     3. Recently, Competition Commission of India has lodged a suo motu case against Whatsapp and Facebook, alleging that with the new privacy policy ,WhatsApp may abuse its dominant market position with India having 340 million+ users out of a total of 500 million + users worldwide, as on date. Also such, excessive data collection can have anti-competitive implications. [2] 

• Way ahead: -

     1. With the information at our disposal as elaborated above, I hope we are better placed  on whether to accept the new privacy policy of WhatsApp or not. It is entirely a personal decision. If one accepts it, it is strongly advised to be very cautious in sharing information over business chats.

     2. Alternative Instant messaging apps like Signal which provide much better security and privacy with almost similar utility features are a welcome way forward. Although their features might not be as mature as WhatsApp and are still developing.

   3. Government of India surely needs to pace up its proceedings to come up with a comprehensive Data Protection Law to stop such unilateral, arbitrary high-handedness by these Big Tech Companies. With significant chunk of our activities moving online - be it social networking, e-commerce, banking, e-learning, entertainment, etc., such autocratic acts amount to violation of Fundamental Right to Life and Personal Liberty (enshrined in Art. 21 of the Constitution) with Right to Privacy being an integral part of it as adjudicated by Hon'ble Supreme Court of India. [3]

References:

[1] Paper publication: 'The Myth of the Privacy Paradox' - Daniel Solove 

[2]  CCI's suo motu case against WhatsApp and Facebook due to its New Privacy Policy 2021

[3] Landmark Judgement by SCI in 'Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors' case