Dispatches 21/01/2021
Usama Khilji is Director of Bolo Bhi and council member of the World Economic Forum’s Global Future Council on Systemic Inequality and Social Cohesion. He also serves on the board of the Global Network Initiative.
21 January 2021
The update in WhatsApp’s privacy policy has rightly ignited a larger debate and awareness regarding privacy policies of technology companies, the business model of social media companies, and data protection laws.
Whereas the update to the WhatsApp privacy policy is related to chats with business accounts whereby they can now share data with third parties including Facebook which owns WhatsApp, it has brought to the fore the extent of data mining that takes place through users’ WhatsApp accounts. Most people are highly concerned about the contents of their private chats, but all group and one-to-one messaging remains end-to-end encrypted which means nobody other than the people in the chat can see it.
However, it is now that people have come to realise that their metadata – data related to user’s identity such as phone number, device, internet connection, names of groups one is a part of, when one uses WhatsApp the most, online status, profile display picture, status posted, stories, etc. – are all accessed by WhatsApp owned by Facebook and used for advertising.
Most will argue that this information is accessed by most social media applications, which is true. Facebook has access to all this information on your phone and more, as does Google and most other applications which silently collect this data and sell it to advertisers. That is the business model of most internet companies, which enable users to use services for free, which has led to technology giants being the wealthiest companies in the world today.
But it is also this very business model that has led to grave violations of privacy of users. The Cambridge Analytica scandal revealed data of up to 87 million users was mined by a third-party application and sold to influence elections through political advertisements. Whereas that led to huge fines on Facebook in the U.S. and U.K. and Facebook tried to be more transparent about their privacy policy by also asking for user consent to process data, how many users really make an informed choice when clicking on “agree” and understand what happens with their data?
Luckily, there are many applications based on a non-profit model, such as the Signal messaging application that is owned by the non-profit Signal Foundation founded by the cofounder of WhatsApp who left WhatsApp to start a truly secure messaging application. Because Signal is non-profit, there is no risk of user data being sold. Because it uses an open source code that created the application, it can be replicated by others as WhatsApp has, and does not own any user data like corporations do. Moreover, Signal only has access to device information of the user, as opposed to all the metadata WhatsApp collects.
The privacy policy update came with a caveat: that it was applicable throughout the world except the European Union where the General Data Protection Regulations (GDPR) that center the right to privacy of users in the law. This should be a lesson for governments the world over: that strong data protection and privacy laws need to be promulgated that protect user privacy, mandate informed consent of users, and protect all data held not only by private companies but governments – the holders of the vastest amount of data – as well.
In Pakistan, we see the government trying to access more private company data for surveillance, as evident in the Removal and Blocking of Online Content Rules 2020, and not protecting data held by government in the draft Personal Data Protection Bill 2020.
Companies must have the highest possible privacy standards for all users, and governments must ensure protection of this data rather than mandating greater access for themselves.
Disclaimer: The views expressed in the article are of the author and do not necessarily represent the institute’s policy.