WhatsApp Privacy Policy Update Part I: The Controversy


It is common knowledge that social media apps such as Facebook are free because they draw their revenue from advertisers. Advertisers are attracted by the platform’s database which can potentially be the audience reach. Hence, it is natural that Facebook will use the personal data from other apps that it acquires to understand the users’ browsing habits and allow the relevant advertisements to show up (or pop-up nuisance). 

They have announced it in 2016

It would have been this intent that Facebook acquired WhatsApp in 2014. In August 2016, WhatsApp announced changes to its privacy policy which, once accepted by users, would see it start to share some user data with its parent company — including for ad-targeting purposes on the latter service. Back then, WhatsApp users could opt out of some of the sharing and had they chosen, WhatsApp will honour that choice. Whilst the feature has been removed from the app settings, you can check whether you're opted out through the “Request account info” function in Settings. 

Controversy Today

WhatsApp updated its terms of use and privacy policy, basically to notify its users that they have until February 8 to read and agree to the new terms. Failure to do so would lead to WhatsApp deleting the user’s account (You can accept these terms again to revive your account). 

Whilst nothing much has changed, there is a strong knee-jerk reaction from the consumers.

WhatsApp raison d'etre is a messaging app and its value proposition to the users is the messaging service and accordingly provides encryption security. They have to comply with data protection laws that the content of the messages should be kept private. WhatsApp policy explicitly states:

WhatsApp's end-to-end encryption is used when you message another person using WhatsApp Messenger. End-to-end encryption ensures only you and the person you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.

It is clearly stating that data collected by WhatsApp that they can store the meta tag (not the content) of their communications and share with other properties owned and controlled by Facebook. These include user phone numbers, “transaction data, service-related information, information on how you interact with others (including businesses) when using our Services, mobile device information, your IP address”.

The Price of a “Free” Messaging App and Increased Users’ choice

The rationale behind the new policy is to integrate better with Facebook‘s family of products, grant leeway for increased interaction with businesses, and gather financial data from users so as to provide users with connectivity. In doing so, it has also added a section called “Transaction and Payments Data” in a push for Facebook‘s various payment services to let users pay for different goods. In the push to bring about choice and convenience, the updated policy says that WhatsApp may send users marketing material about Facebook companies. Plus, the firm will use data collected from the app and other Facebook services for content suggestions, people recommendations, and ads along with service improvements.

With the privacy policy refresh, WhatsApp also removed a passage about opting out of sharing certain data with Facebook: "If you are an existing user, you can choose not to have your WhatsApp account information shared with Facebook to improve your Facebook ads and products experiences." 

However, the good intent requires collecting data from the user which is the tinder for this controversy. As an observer puts it, this is not about WhatsApp sharing any more of the individual’s data with Facebook than it does already, it is about using the individual’s data and engagement with its platform to enable shopping and other business services. From the engagement and data collected, it provides a platform where businesses can communicate with the individual and sell to the individual, in exchange for a “free” use of WhatsApp.

To be able to continue using the app, users will have to accept the terms or choose not to use the app. This is not sitting well with many users. Critics pointed out it may be a case of miscommunication from WhatsApp and somehow the situation spiraled into a public communication issue. 

Handling public perception is one aspect of risk management that DPOs and risk managers need to know, in order to work better with the public relations/marcom team. DPEXNetwork offers a course on Crisis Communication for DPOs and some of the learning may be applicable to such scenario. https://www.dpexnetwork.org/courses/crisis-communications-and-data-breach-response-for-dpos/

This article continues with an analysis of what has NOT changed in Part II.

Part III outlines what has changed.

PS (as of 18 January 2021): Due to widespread criticism, WhatsApp has announced that the change in privacy policy will be delayed to 15 May 2021. 

By: Leong Wai Chong CIPM, GRCP

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.

Become a DPEX Community member to access
data protection resouces and discussions on pertinent topics now.

Access online / in-person courses and view past training records


Join lively discussions on pertinent data protection topics


Gain access to data protection research and video resources


Receive value-added data protection updates from the region

Related Articles