IT-IP LAW NEWS

How not to handle a policy update communication: the WhatsApp case

The announcement of an update to the privacy terms of the popular messaging app created a sensation and led many users to abandon WhatsApp, prompting the company to make a dramatic about-face.

Published on 22 Mar 2023

Andrea Grillo

Senior Legal Consultant – Partners4Innovation


Starting on January 7th, many users received a notification from WhatsApp concerning the new privacy policy adopted by Facebook’s instant messaging app. The communication pointed out that refusing the new conditions would prevent users from continuing to use WhatsApp from 8th February, the date on which those changes were supposed to take effect.

“Were supposed to”, because thousands of users strongly disapproved of this imposition on the use of their data, leaving the app and leading WhatsApp to partially go back on its decision.


What caused particular concern in the new privacy policy

Following the announcement, Google’s Play Store reported download statistics in contrast with the normal trend: the downloads of alternative messaging applications, more privacy-friendly than WhatsApp, increased sharply. Telegram recorded more than 500 million downloads in just a few days, while Signal, previously unknown to many, reached 10 million downloads within a few weeks.

But what triggered all this? And above all, to what extent are users’ fears about the dangers to their privacy justified?

What caused particular concern was, first and foremost, the warning pop-up followed by the appearance of the app’s privacy policy: neither was formulated in a clear and transparent manner, raising doubts about the actual use that WhatsApp would make of the personal data of all its users – in particular, in relation to the sharing of personal data within the Facebook group. This was a big mistake in the communication and management of the update, and it put Zuckerberg’s company in the eye of the storm.

Analyzing the pop-up containing the new privacy terms, the trenchant approach is evident: we are dealing with a “forced consent”.

We know that consent, in order to comply with the conditions set out in the GDPR, must be freely given, specific, informed and unambiguous, and must be collected by means of a request presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language, as stated in Article 7, par. 2 of the GDPR.

The first manifest communication error by WhatsApp

WhatsApp, in this case, gave its users two “choices”: unconditionally accepting the new privacy policy or renouncing the instant messaging service.

This is the first manifest communication error by WhatsApp: what should have been an acknowledgement of the new privacy policy, with a focus on the changes introduced for business users, was interpreted by most of the users as a unilateral imposition of such policy, even though the update did not introduce any substantial change in relation to marketing activities or other processing carried out on data subjects in the EU on a voluntary basis (such as access to location data, camera or photos, which would have still required a specific consent, which could have been withdrawn at any time).

The sharing of personal data processed by WhatsApp with Facebook

Another thorny issue that caused confusion among the users is the sharing of personal data processed by WhatsApp with Facebook.

WhatsApp’s privacy policy – applicable to EU users – states that the platform, based on its own legitimate interests, collaborates and shares information with other companies of the Group to:

  • offer fast and reliable messages and calls and analyse performance;
  • ensure the security and integrity of data on WhatsApp, by removing spam accounts and thwarting inappropriate activity;
  • connect the user experience on WhatsApp with other products offered by other companies of the Group.

WhatsApp shares with Facebook some pieces of information about the device and personal data of the user including – by way of example – the verified phone number provided when signing up to WhatsApp, the operating system version, the application version, the country code of the mobile number and some pieces of information on the use of the app (such as last access, date of registration, used functions and their usage frequency).

Quite apart from the legal questions raised by the identification of an appropriate legal basis for such processing, it is important to note that these activities were already performed – and mentioned in WhatsApp’s privacy policy – even before the release of the update. However, the lack of transparency led users to perceive this update as a real danger to their privacy.

The views of the Italian Data Protection Authority

The Italian Data Protection Authority also expressed its views on the topic. In January, it issued a note on its institutional website commenting that “The message devised by WhatsApp to inform its users about the updates to the terms of service taking effect from the 8th of February – which concern in particular the sharing of data with other companies in Facebook’s group – and the new privacy policy itself are not clear and intelligible enough and have to be assessed in depth by having regard to data protection legislation”.

The Italian DPA therefore concluded that the terms of service and the new privacy policy do not enable users to understand what changes have been introduced or what processing operations will actually be carried out by WhatsApp after the 8th of February.

For this reason, the Italian DPA decided to raise the issue before the European Data Protection Board (which includes representatives from all EEA data protection authorities), and at the same time did not rule out the taking of urgent measures to protect Italian users and enforce compliance with personal data protection legislation.

Following these complaints, WhatsApp – through the publication of some FAQs on its website – attempted to clarify what would change and what, instead, would remain unchanged with the updates.

WhatsApp was forced to clarify that “Neither WhatsApp nor Facebook can read your personal messages or hear your calls with your friends, family and co-workers on WhatsApp, because they are protected by end-to-end encryption”.

Conclusions

The whole issue calls for serious attention to consumers’ increasing awareness of the protection of their personal data and, therefore, to the importance of paying due attention to this matter and to the ways in which companies communicate with the users of their products or services. Transparency and compliance with the regulations are distinctive traits that strengthen users’ trust in organizations. A breach of this trust relationship can have serious consequences, as made evident by the WhatsApp case.
