Messaging service WhatsApp has come under fire for privacy changes that will see it share more personal data with parent company Facebook.
In a blog outlining the change to its terms and conditions, WhatsApp said the changes - the first for four years - would enable it to, “track basic metrics about how often people use our services and better fight spam on WhatsApp.”
Facebook acquired the messaging service for $19 billion in 2014.
One of these changes will see WhatsApp share users’ names and phone numbers with Facebook, to “offer better friend suggestions and show you more relevant ads if you have an account with them.” For example, Facebook could use phone numbers to match users that have communicated on WhatsApp but not connected on Facebook.
Users’ phone numbers will not be displayed on Facebook, and messages will not be shared, WhatsApp pointed out. “Even as we coordinate more with Facebook in the months ahead, your encrypted messages stay private and no one else can read them. Not WhatsApp, not Facebook, nor anyone else. We won’t post or share your WhatsApp number with others, including on Facebook, and we still won't sell, share, or give your phone number to advertisers.”
The move will also help WhatsApp increase its revenue. Part of the changes to its terms and conditions will enable WhatsApp to let companies communicate with users through their account. Examples include banks that warn of fraudulent transactions and airlines notifying passengers of delays or other flight changes.
Users concerned about these changes and the impact they may have on their data have 30 days to opt out from agreeing to the changes. There appear to be two options for opting out. The first is when users are presented with the new terms and conditions and asked to agree. Instead of clicking agree, users should tap “read more” and deselect the checkbox that says “share my account info.” The second way is to go click Settings, then Account and deselect the “share my account info” checkbox.
Jonathan Armstrong, partner at law firm Cordery, told InfoSecurity Magazine that changes such as these could result in regulatory problems if users feel they haven’t been adequately notified.
“There’s always an issue when a service changes its terms, especially one which plays in the mobile space since it’s harder to push terms and harder to read them when on the move,” he said. “There’s also an issue when large companies buy smaller ones in this space when they collect the data across platforms – for example the Dutch/French privacy action against Google shows us this is a concern.”
“The key will be making sure users know what’s happening. If there are complaints that users have been misled this could lead to action from regulators – and not just in the privacy space but also fair trade regulators like trading standards or CMA in the UK or the FTC in the US,” Armstrong concluded.
The ICO, meanwhile, said it was looking into the changes. “Our role is to pull back the curtain on things like this, ensuring that companies are being transparent with the public about how their personal data is being shared, and protecting consumers by making sure the law is being followed,” said Information Commissioner Elizabeth Denham.
“We’ve been informed of the changes. Organizations do not need to get prior approval from the ICO to change their approaches, but they do need to stay within data protection laws. We are looking into this,” she added.