‘Your Privacy is Our Priority. Message Privately’
This is WhatsApp’s strapline that you can quickly notice on the company’s homepage.
The company may want to convince you that it’s committed to ensuring private conversations. Yet, the many scandals that have surrounded WhatsApp make it difficult to believe the validity of these strong words.
In the latest news, WhatsApp received a fine for disregarding to properly notify European users how it collects and uses their data, as well as how it shares users’ data with Facebook, the app’s parent company.
Let’s find out more details about WhatsApp’s breaking EU’s data privacy law and what this means to you.
The Implications of the Second-Largest GDPR Fine
WhatsApp has been sharing metadata (including phone number, IP address, cookies, location) with Facebook since 2016. However, since GDPR was enforced in 2018, it was under a legal loophole even if this practice was privacy-invasive.
The investigation related to WhatsApp’s GDPR violations started in December 2018 in Ireland – Facebook’s European headquarters.
Ireland’s DPC (Data Protection Commission) found inconsistencies in WhatsApp’s sharing users data with Facebook and Instagram. WhatsApp users didn’t explicitly consent to share their personal data with other companies, which breaks the GDPR terms.
For example, at the beginning of 2021, you might remember that WhatsApp delivered pop-up messages informing you that your account would be suspended or deleted if you don’t agree to share your personal data with Facebook. The messaging service received a wave of criticism coming from its numerous users and privacy rights groups.
As a result, many users abandoned WhatsApp and downloads of the app dropped to 10.6 million, down from 12.7 million in just one week during January 2021.
Now, WhatsApp has to pay a fine of €225 million for failing to comply with EU’s data protection and transparency obligations. The fine is the second-largest GDPR penalty ever given, after Amazon’s €746 million ($887 million) in Luxembourg in July 2020. It’s also the biggest the Irish regulator has ever issued under the EU’s GDPR data rights charter.
Representatives of the WhatsApp company stated they disagree with the decision and plan to appeal, as reported by the Irish Times.
Notorious Data Privacy Issues Around WhatsApp
The Easy Way to Make Your WhatsApp Messages Private
Your phone has pretty much become the extension of your arm. In the same way, WhatsApp is your most convenient tool to communicate important stuff with friends and family, or your kids’ schoolteacher, or your doctor.
Sure, you can always drop WhatsApp and choose a more private messaging app. That may be impossible sometimes, for practical reasons. Most people use WhatsApp, so you still have a few or more contacts you need to message on this platform even if you get a different app.
However, you can double your encryption methods if you use a VPN. That’s because a VPN encryption adds an extra layer of protection and security to all your data, including online messages.
No digital spy can see anything that you do online, so you’re covering all your personal information. Even if someone could get access to your data, they would only see scrambled untranslatable codes.
Give CyberGhost VPN a test drive with our free trial and discover the wonders of staying invisible on the web.
What is GDPR?
GDPR stands for General Data Protection Regulation, a data protection law the European Commission established to handle consumer data. GDPR unifies data privacy laws across different countries, aiming to enforce stricter rules on data protection and to get people control over their personal information.
What does consent mean?
Consent means companies (including online services, websites, and apps) should give users genuine choice and control over how you use their data. If users have no real choice, it means they didn’t freely give their consent, so it’s not valid. You should have the choice to either your personal data or not, and should have the option to withdraw your consent at any time.
What is personal data?
Under the GDPR, personal data means any information related to a person (‘data subject’) that can lead to having that person’s identity directly or indirectly exposed. Personal information includes name, email address, identification number, location, and even online identifiers as IP address.
What is a data breach?
A data breach is an incident where someone steals or takes information from a system without the knowledge or authorization of the system’s owner. Stolen data may include sensitive, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security.
Who needs to report a data breach?
Businesses have to publicly report and inform its clients about a breach within 72 hours of first having become aware of it. Businesses have to assess the nature, volume and sensitivity of the compromised data, if it’s easy to identify the affected data subjects and what the consequences might be.
Did you ever consider ditching WhatsApp? What was the reason why you’ve thought about it?
Let me know in the comments below.