Privacy Groups File FTC Complaint Over Whatsapp Facebook Privacy 'Bait And Switch'

from the privacy-schmivacy dept

"Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don't have to give us your name and we don't ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that."

"But by coordinating more with Facebook, we'll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you've never heard of."

"The FTC has an obligation to protect WhatsApp users. Their personal information should not be incorporated into Facebook’s sophisticated data driven marketing business,” said Katharina Kopp, Ph.D., and CDD’s Director of Policy. “Data that was collected under clear rules should not be used in violation of the privacy promises that WhatsApp made. That is a significant change that requires an opt-in, according to the terms the FTC set out. It’s not complicated. If WhatsApp wants to transfer user data to Facebook, it has to obtain the user’s affirmative consent."

"The Facebook family of companies will still receive and use this information for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities."

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

When popular messaging app Whatsapp was acquired by Facebook in 2014 for $19 billion, the company responded to the obvious privacy implications with a blog post promising to "set the record straight" about the acquisition, while debunking all of the "inaccurate and careless information" being circulated online. In it, co-founder Jan Koum promised that the app, which has tried to build a reputation on respecting user privacy, would keep privacy at the heart of its operations under Facebook. Privacy was, Koum promised, simply "coded into our DNA":That was then, this is now.Last week, the company announced in a new blog post that it would soon begin sharing Whatsapp user phone numbers and various analytics data with Facebook. While this is obviously about money, the company's blog post repeatedly insisted the move was about helping the end user avoid spam and make stronger, deeper connections with friends:Gosh, thanks. The Electronic Privacy Information Center was quick to claim that Facebook and Whatsapp may have violated federal law with the move. The group notes it filed an FTC complaint back in 2014 (pdf) expressing concern that failure to obtain users' opt-in consent before modifying privacy practices was an "unfair and deceptive trade practice" violating Facebook’s FTC Consent Order (pdf). In a subsequent letter from the FTC to Whatsapp (pdf), the FTC warned the two companies that they must honor their privacy promises to WhatsApp users.As expected, EPIC and the Center for Digital Democracy have filed a formal complaint with the FTC (pdf), accusing Facebook of violating Section 5 of the Federal Trade Commission Act. In public statements, both organizations accuse Facebook and Whatsapp of a "bait and switch" on previous promises that user information would not be used for marketing across the Facebook social media empire:Whatsapp users looking to opt out of data collection within the 30 day warning window simply have to uncheck the "share my account info" box before accepting WhatsApp's newly updated terms and conditions. Users who accidentally approved the new TOS still have several weeks to uncheck this same box by clicking on "settings," "account," then unchecking the same "share my account info" box. Granted the Whatsapp opt out instructions note that even after doing this you're still not entirely opted out of having this data shared with the "Facebook family of companies":It seems unlikely that the EPIC and CDD complaints gain much traction. Fortunately, unlike sectors like telecom, users here aren't stuck waiting on regulators since they already have the choice of alternative, open source (and frankly already more secure ) encrypted messaging options.

Filed Under: encryption, messaging, privacy

Companies: facebook, whatsapp