An instant issue

WhatsApp's new terms can affect privacy

The release of an update on terms of service (ToS) by leading instant messenger WhatsApp has caused many users to revisit the debate about data privacy. WhatsApp is the world’s most popular instant message (IM) service, with over 2 billion users. This is more than four times that of the second-largest, independent IM network (group app Facebook Messenger). The Facebook subsidiary released an API for business users last year and it is ramping up its fintech payment game. The new terms have special relevance to 400 million users in India, which has no data privacy law, making it easier to implement the new ToS. However, the traders’ association, the Confederation of all India Traders, has made representations to the Ministry of Electronics and Information Technology for a stay.

In fact, the new ToS cannot be applied in the European Union since it would violate the General Data Protection Regulation (GDPR). The move may also run into trouble in the US because the Federal Trade Commission and many states have filed anti-trust cases against Facebook and argued that WhatsApp, Instagram, and other Facebook subsidiaries should be delinked and spun off from the social network. The new ToS applies from February 8 this year. It is not granular; users cannot opt out of any of the data-sharing. This alters the privacy landscape. In 2016, WhatsApp had offered an opt-out clause for users who could decline to share data. In its defence, WhatsApp has pointed out that end-to-end encryption remains, which provides privacy for chats between individuals and groups. But the new ToS of around 8,000 words allows business accounts to share data and metadata with service providers. Those service providers could be third-party, or Facebook itself. This means sensitive details discussed in a chat with a business account could be shared.

Moreover, a great deal of WhatsApp data and metadata pertaining to times, locations, devices, connections, contacts, etc is already shared with Facebook. When all these data are linked to the metadata harvested by Facebook from its own social media platform, it would offer a 360-degree picture of users. WhatsApp is used in India to coordinate many school activities. So, this would likely include details about minors. The social network derives 99 per cent of its revenue from advertising. WhatsApp has revenues from the Business API, and also from ads. Both platforms could clearly benefit from sharing data and metadata, and so could any third-party service provider, including partners in India. It may also impact personal data privacy, given that the ToS runs counter to the GDPR, which is the most evolved and comprehensive privacy protection legislation in the world. Many prominent people, including the world’s richest man, Elon Musk, and Twitter Chief Executive Officer Jack Dorsey, have also advised users to move off WhatsApp.

The issues on abandoning WhatsApp, however, are multifold. One is that it is a convenient, user-friendly interface, which users find intuitive. A second issue is network effects: Other IM networks have fewer users, which means smaller networks for interactions. A third future issue could be corporate pressure. If service providers are using WhatsApp business accounts, they will try to persuade clients to stay with it. In the absence of a data privacy law, accepting this ToS boils down to making a choice. Some users will choose to protect privacy, others will shrug and opt for convenience.