WhatsApp, the Facebook-owned centralized messaging app, had recently notified its users about an amendment to its privacy policy from the 8th of February. As per the new policy, users will have no choice but to accept the amended terms to continue using the app. This update by WhatsApp has fabricated insecurity amongst its users.
WhatsApp had claimed that users' data privacy protection and security are coded into their DNA. However, after the latest amendment, it has left a question of whether the DNA line would be compromised. Similar questions have also led many WhatsApp users to withdraw from the app and move to other platforms such as Signal and Telegram. There have also been allegations against the company for sharing user data with tech giants that happen to be affiliates of Facebook to enhance their commercial ad strategies.
Though the tech giant clarified that the new privacy policy does not compromise user privacy, on the contrary, Tripti Jain, a lawyer, and researcher at Internet Democracy Project says, "This clarification/FAQ by WhatsApp aims to re-instill trust in people that they have lost because of the new privacy policy; however, it has proven to be counterproductive. What should be noticed is that the clarification briefs only about things WhatsApp cannot do. It fails to delineate what WhatsApp can do with personal data of individuals and how it does."
The tech giant further stated that personal messages will continue to remain end-to-end encrypted. End-to-end encryption is a security mechanism for communication that only allows users of a specific conversation to read messages. The messages are secured with locks, and only the recipient has the special key to unlock and read the messages. In addition to it, the keys are developed to change with every message sent.
But in reality, WhatsApp does fetch ample amounts of data from its users by default. For instance, during installation, WhatsApp gathers device and connection-specific information such as the hardware model, operating system, battery level, signal strength, mobile network, IP address, etc. Then, it collects account specific information such as contact numbers, profile pictures, last seen, calls, statuses, and 'about' details. If a user uses the payment option, essential information during a transaction such as payment account, transaction amount, payment method, and shipping details are also collected. In a nutshell, there clearly seems to be an ulterior motive behind the data they gather.
Interestingly, the privacy policy does not apply to users from the European Union, as it is a contravention of the General Data Protection Regulation (GDPR). "The GDPR is a very stringent law which ensures privacy and protects the data of its people, unlike India where Personal Data Protection Bill is yet to be enacted into law," says Dr Karnika Seth, a Cyber Law expert. Under the GDPR, violation of the law lands corporates in fines ranging from 20 million Euros to 4% of the company's annual global turnover. Dwelling upon the same, isn't it unfair that the rules apply to only certain regions of the world? Shouldn't India come up with similar laws to help protect the data privacy of its citizens? As our data continues to get digitalized, data privacy is essential. People must inculcate self-consciousness about their actions over social networking sites and how their data is being used.