Add to that the sheer impact of some of the biggest collectors of personal data in the world sharing it with each other and it is tempting to think that nothing is safe anymore. We decided to take a look and try to reach a balanced view.
What really happened with WhatsApp?
- That isn’t true — the update actually has nothing to do with consumer chats or profile data, and instead the change is designed to outline how businesses who use WhatsApp for customer service may store logs of its chats on Facebook servers.
- According to WhatsApp’s policies, neither Facebook nor WhatsApp read users’ message logs or listen to their calls, and WhatsApp doesn’t store user location data or share contact information with Facebook. (It’s also worth noting that data sharing with Facebook is extremely limited for European users due to stronger user privacy protections with GDPR.)
- The policy also says that end-to-end encryption is used throughout a message’s lifecycle, including if it is stored for any length of time on WhatsApp’s servers.
Was the fuss over WhatsApp justified from a Data Privacy perspective?
Ironically, it is highly likely that the data sharing WhatsApp users are so worried about has already been happening for a while for the vast majority of users of the service. WhatsApp allowed users to opt out of data sharing with Facebook briefly in 2016, two years after Facebook purchased the platform.
Subsequently, new customers and anyone who didn’t manually opt out of data sharing have had some personal information, principally their phone number and profile name, shared with the larger social network for ad targeting and other purposes.
If you look at the privacy labels for WhatsApp on the App Store, labels Apple only last month began forcing developers to disclose, you’ll see scores of information that is marked as “data linked to you,” although only a unique device ID and app usage data is listed as used for “developer’s advertising and marketing.”
Signs of overheating?
From C2 Cyber’s perspective, it is fair to say that the frog is already well cooked. It remains remarkably difficult to be absolutely sure what data is being collected, retained and who it is being shared with by large companies and their associated groups. The Facebook group of companies is just one example. But it is a good illustration.
Facebook has acquired 78 companies over the past 15 years. Merely the 27 purchases for which costs have been disclosed were valued to be worth more than $23 billion. (If you want to see the full story of Facebook’s acquisitions, there is a really good link here). Although there are some exotic purchases involving VR headsets and drone manufacturers, the majority of the estate relies on and thrives because of the aggregation or provision of customer data for focussed advertising purposes. The kind of return on investment that creates such a large financial value makes it irresistible to not share data and that pressure will always exist. Therein lies the threat to data privacy.
Such a conglomeration of sensitive data in one place also makes social media companies an irresistible target for hackers and bad actors. That defines the digital risk.
It would not be so bad if there had not been such a clear run of serious data breaches or examples of a lack of care with personal data among the large players in the industry (Google and Microsoft included). The Facebook example in April 2020 where 267 million sets of personal customer records were sold on the dark web including email addresses, names, Facebook IDs, dates of birth and phone numbers is a case in point.
So, can we trust them?