Please introduce yourself to our readers.
I’m the chairman of a foundation of data protection professionals in India, which is the primary organization in India working on data protection, providing certifications, audit, support and so on. Since 1998 I was working on cyber law issues which was based on our law called the information technology act. Moreover, I’m the founder of Cyber Law College, a virtual Cyber Law Education institution. Now we have extended it to data protection.
On January 4, WhatsApp announced that from February 8, all users of the messenger (except for residents of the EU and the UK) will be forced to share their personal data with Facebook — the social network will have access to phone numbers, transaction information and IP addresses. What has changed?
Actually, compared to what happened before, there may not be significant changes. We know that WhatsApp has been acquired by Facebook, but we are not very sure whether the information from WhatsApp was being shared with Facebook. But I believe it was happening in the background which we do not know. But maybe now, because they don’t want to take any chances with particularly the GDPR (General Data Protection Regulation) authorities they wanted to actually be transparent about what they would like to do. I think this was driven more by the GDPR considerations to just polish their current privacy policies so that any problems could be sorted out.
WhatsApp wanted to disclose the fact that some part of the information collected from WhatsApp would be shared with Facebook and eventually be used for advertising.
So we all know that WhatsApp is a free app. In fact, it’s popularity or growth in popularity was because it was free. But it cannot continue like that forever because there has to be a revenue model for any company. Now WhatsApp has come out to the open and through the new policy has declared what kind of information they are likely to share.
WhatsApp contains two sets of data. One is the metadata – contact list, location, status, financial information and data such as your unique phone ID. So, it all reflects a certain characteristic of persons. That usage information itself is actually a treasure if properly analyzed for the purpose of profiling the person.
As we know from the news, WhatsApp’s innovations have already angered technology experts, privacy advocates, billionaire entrepreneurs and government organizations. But the main thing is that they provoked the flight of users. Why did this happen?
WhatsApp made a big mistake in the sense that they did not clarify properly what do they want to do. They said that this change is only for business applications. But pop up about update actually came for all individuals who are having a personal WhatsApp account. Subsequently, WhatsApp said in the Press release that this is only for business accounts, not for individual accounts. Then the people asked, “why did WhatsApp show this particular pop up to me at all? If it was not meant for me?” It was psychologically, very disturbing for people.
So, it has become easy for people to download Signal, Telegram. And of course in India, there will be a moment to develop our own indigenous apps. So maybe WhatsApp is going to lose more than what, perhaps it could have.
What do you think, why does Facebook need this metadata?
Instagram and Facebook are now going to be able to show even more targeted ads on Facebook and Instagram, having carefully studied the interests and preferences of users in the messenger. In addition, businesses will be able to accept payments in WhatsApp for products that users have selected in Instagram ads.
Whether we like WhatsApp or not, whether we like Facebook or not, they also have the right to say that I cannot do it on free service forever. Now advertising requests profiling, without profiling advertisements cannot be targeting.
If the person wants to give the information by way of consent, let him give it. So this is a fair game between business interests and personal privacy interests. It’s how GDPR is building. There has to be a legal basis.
WhatsApp will read our messages. Is it true?
As it is generally stated, they are not supposed to be reading our messages. Our conversations are encrypted using end-to-end encryption, and, the company says, even WhatsApp itself can not access them. So, the content is getting encrypted with some device-related ID. So, at the moment it leaves my device, It should get encrypted.
Now in case people actually go for backups, storage in the cloud, then there is an issue. So people should avoid cloud storage and make the backup only within the mobile.
In your article “WhatsApp needs to change its Jurisdiction clause in the Terms or else, exit from India” you said that “WhatsApp has created two different sets of policies, one offered by WhatsApp Ireland Ltd to the EU region and the other by WhatsApp LLC to other countries”. How does this apply to India?
Will you continue to use WhatsApp, or have you changed Messenger?
In our professional circles, actually, we have made some moves. Many of the professionals prefer Signal. Of course, some people prefer to Telegram a bit more. Earlier Telegram was the most used platform due to the number of people in the groups. In fact, we were thinking of shifting our FDPPI group to Telegram.
What do you can recommend to our readers?
If somebody is going to have serious professional discussions, financial discussions, then obviously they should look at shifting to Signal. If it is purely personal, family discussions, you can keep using WhatsApp. So, you need to make a distinction between personal use, family use and professional use. If you want 500 people to be in your group then no have a choice, but to leave a WhatsApp. If it’s a small group that handles confidential information, need to change to Telegram.
We’ve covered quite a bit in this conversation. Before we wrap up, is there anything else you’d like to to add?
The only thing I want to say is that we need clarity amongst the ordinary people on what is privacy and what is that we are willing to protect in privacy. It is not absolute protection. It is always the protection of the choice. And the fact that there are, even if you shift from WhatsApp to Telegram, we don’t know whether Telegram will remain free forever.
I feel there is a need for this harmonious relationship between the users and the organizations that make use of the data. And that is the purpose of the data protection law. And when we interpret data protection law, again, we should not be totally one-sided. That is the beauty of this issue, balancing the whole thing.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.