from the privacy-schmivacy dept
"Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don't have to give us your name and we don't ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that."That was then, this is now.
Last week, the company announced in a new blog post that it would soon begin sharing Whatsapp user phone numbers and various analytics data with Facebook. While this is obviously about money, the company's blog post repeatedly insisted the move was about helping the end user avoid spam and make stronger, deeper connections with friends:
"But by coordinating more with Facebook, we'll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you've never heard of."Gosh, thanks. The Electronic Privacy Information Center was quick to claim that Facebook and Whatsapp may have violated federal law with the move. The group notes it filed an FTC complaint back in 2014 (pdf) expressing concern that failure to obtain users' opt-in consent before modifying privacy practices was an "unfair and deceptive trade practice" violating Facebook’s FTC Consent Order (pdf). In a subsequent letter from the FTC to Whatsapp (pdf), the FTC warned the two companies that they must honor their privacy promises to WhatsApp users.
As expected, EPIC and the Center for Digital Democracy have filed a formal complaint with the FTC (pdf), accusing Facebook of violating Section 5 of the Federal Trade Commission Act. In public statements, both organizations accuse Facebook and Whatsapp of a "bait and switch" on previous promises that user information would not be used for marketing across the Facebook social media empire:
"The FTC has an obligation to protect WhatsApp users. Their personal information should not be incorporated into Facebook’s sophisticated data driven marketing business,” said Katharina Kopp, Ph.D., and CDD’s Director of Policy. “Data that was collected under clear rules should not be used in violation of the privacy promises that WhatsApp made. That is a significant change that requires an opt-in, according to the terms the FTC set out. It’s not complicated. If WhatsApp wants to transfer user data to Facebook, it has to obtain the user’s affirmative consent."Whatsapp users looking to opt out of data collection within the 30 day warning window simply have to uncheck the "share my account info" box before accepting WhatsApp's newly updated terms and conditions. Users who accidentally approved the new TOS still have several weeks to uncheck this same box by clicking on "settings," "account," then unchecking the same "share my account info" box. Granted the Whatsapp opt out instructions note that even after doing this you're still not entirely opted out of having this data shared with the "Facebook family of companies":
"The Facebook family of companies will still receive and use this information for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities."It seems unlikely that the EPIC and CDD complaints gain much traction. Fortunately, unlike sectors like telecom, users here aren't stuck waiting on regulators since they already have the choice of alternative, open source (and frankly already more secure) encrypted messaging options.