This move seems to have been misunderstood and even overhyped by commentators with limited expertise. Others with an axe to grind against WhatsApp / Facebook because of mistrust have shared somewhat biased views in view of alternative messaging apps citing them to be less intrusive.
In this article, we hope to give a balanced view from a layman’s perspective of what is happening and explain the specific context on how users will benefit besides sharing the privacy pitfalls to be wary of. Users can then decide the next steps.
In Part II we looked at what has NOT changed. Let’s look at what has changed.
As mentioned earlier, what has changed is how merchants using WhatsApp Business to chat with customers can share that data with Facebook. Spurred in no small part by the coronavirus pandemic, Facebook is bringing together all of the tools it has been building for companies to better leverage Facebook and its other companies, (Instagram and WhatsApp) both to advertise themselves, as well as, communicate with and sell to customers.
WhatsApp is offering businesses, especially SMEs, the option to use Facebook's new hosting services that allow them to manage their WhatsApp business account messages easily for their own in-house or customer communications. What this means is that it will be easier for small and medium-sized businesses to have their business pages or groups on Facebook to easily redirect their clients to their WhatsApp business account, and to keep their inventory updated while quickly responding to their clients’ messages. This includes marketing and promoting their services and conducting online transactions where there will be processing of personal information.
This inter-company sharing of personal data opened up a can of worms where many have speculated about privacy issues arising from sharing such personal information - and no thanks to the mistrust of Facebook and their poor privacy record. In truth, from a functional perspective, this sharing of personal information with other third parties is no different from what is being done on Google or any shopping portals such as Amazon, Lazada, or Shopee.
Let’s take a look at the specific context where WhatsApp collects and shares personal data in the business context of the WhatsApp Business app in terms of :
Here is a random search of an example of a business promoting its products and services on Facebook:
It is not difficult to imagine that the “Message” button, which is currently using Messenger from Facebook, could have an additional option to WhatsApp the business. This could be useful for many people who don’t have Messenger as their main means of communications and therefore can now WhatsApp to a specific business separately for customer service.
Let’s take a look at another random example of a company that sells its products on Facebook.
In this example, the same “Message” button is used to enable an e-commerce transaction. Using Facebook’s new hosting services, businesses or business service providers can use the WhatsApp Business API (application program interface) to conduct their e-commerce services. This means that users can easily transact with businesses via the WhatsApp engine.
This is where personal data could be shared with businesses in order to help fulfil the transaction. WhatsApp states that in this context, personal data can be used in targeted advertisements and recommendations. Yet, many people freaked out and self-proclaimed privacy experts suddenly gave their own views on why this is wrong and the many privacy issues arising from this.
For anyone who has done online shopping or bought products, how many times have you responded to recommendations associated with the product you have purchased? Do you recall seeing customised advertisements related to a purchase you made, a website you visited or a product you browsed? These custom messages would not have been possible if your data was not shared with third parties in the first place and your online behaviour being tracked with sophisticated analytics involved.
So, are the privacy concerns valid? Yes. But it's not just Facebook and its group of companies. Every online business and mobile developer are actually doing it with the good intentions of enhancing your customer online experience while monetizing your personal data! It just so happens that Facebook happens to be one of the biggest culprits.
The fact is that online business entities whom you are communicating or transacting with via WhatsApp (or any mobile app for that matter) can also abuse your personal data. So WhatsApp users, who choose to use WhatsApp in the above business context should also read the privacy policies of the organisations they choose to do business with and do their due diligence.
As businesses can now have access to such personal information, the onus is now on them (and not only Facebook or WhatsApp as they have their own privacy policies) to safeguard the personal data in their possession and put in proper transparent practices to ensure the data is used responsibly and according to their declared purposes.
This is where local data protection laws and the EU General Data Protection Regulation (GDPR) keep such companies in check by ensuring they follow specific rules when collecting, using, disclosing or storing personal data.
As part of our analysis of data protection trends in 2021, we expect to see more privacy breaches along with the usual data breaches. While WhatsApp is secure, there will inevitably be user ignorance where they attach unsecured documents containing personal data in chat groups or sharing such information with the wrong recipient.
The point here is that when it comes to these businesses operating online, the issue is not just only about WhatsApp or Facebook’s privacy practices, but also their own privacy policies as well. And sadly, in Singapore many SMEs are currently not PDPA compliant and therefore, are susceptible to data/privacy breaches. There are now stricter PDPA requirements where businesses must inform the Personal Data Protection Commission (PDPC) within three days if there is a data breach.
Userbase is probably one of the key factors to consider when moving to another platform where there is currently no alternative to WhatsApp.
While the younger generation (who also don’t use Facebook) might migrate to another platform, they may not necessarily delete their WhatsApp account. There is a strong possibility that they would keep it only to maintain communication with their family members.
Again, it is important to point out that many users moved to another platform as a knee jerk reaction to the initial announcements and the lack of information. WhatsApp has already clarified many of the initial privacy concerns and we hope that our examples have better clarified the misunderstanding and misinformation.
Ask the following questions If you are still undecided on whether to move to other platforms:
f) Other important questions
These are but some of the factors to consider in the WhatsApp controversy debate and the follow-up actions.
Article by Kevin Shepherdson - Fellow of Information Privacy, CIPM, CIPP/A, CIPP/E, CIPT, Exin (GDPR, Infosec), GRCP
Based on webinar panel discussion with:
Celine Chew - Fellow of Information Privacy, CIPM, CIPP/A, CIPT, Exin (GDPR, Infosec), GRCP
Dr Prapanpong Khumon - Associate Dean at School of Law, University of the Thai Chamber of Commerce, Thailand. Advisor to Secretary-General of the Personal Data Protection Commission in Thailand.
Lyn Boxall - Fellow of Information Privacy, CIPP/E, CIPP/A, CIPM
Andrew Fam - CIPT, Chief Technology Officer (CTO)
Access online / in-person courses and view past training records
Join lively discussions on pertinent data protection topics
Gain access to data protection research and video resources
Receive value-added data protection updates from the region
Well, this was going to happen at some point in time in the world - with the ex…
Now that we are starting a new year, we can reflect on a few compliance trends …
The initial years of computerisation and digitisation has enabled businesses to…