WhatsApp terms of service adjustments 2021 – what you really need to know!
In the new year, WhatsApp has updated its terms of service for the messaging app, which will come into force on May 15, 2021. With the consent, the user now grants, among other things, that certain data can also be shared with Facebook companies and Facebook service providers. But what will really change for users of the world’s most popular messaging service? We spoke to lawyer Dr. Carsten Ulbricht and other data protection experts about this. First of all, very little will change for private communication.
In the past, the company was often rightly criticized for its handling of user data, but in the current case, objective differentiation is appropriate – at least for WhatsApp users within the EU. Strong data protection measures continue to be in place to protect European users from unjustified data exchange. But first things first.
- WhatsApp changes its T&Cs
- What data is affected by the WhatsApp T&C change
- The criticism of the WhatsApp T&C changes
- WhatsApp Business T&Cs & data protection – what really changes?
- Can WhatsApp read my chats?
- Will my data be sold?
- Do I have to accept the WhatsApp T&C changes?
- What happens if I do not agree?
- Are other messengers more secure?
- Can I be sued if I continue to use WhatsApp?
- How can companies use WhatsApp in a privacy compliant way?
1. What will change for users and companies when the new WhatsApp T&Cs come into force?
Driven by unfortunately often misleading media reports, there is currently confusion about the WhatsApp privacy changes, up to outrage about the “data octopus” Facebook.
“The problem is that many media also report stupid stuff in some cases”
Lawyer Dr. Carsten Ulbricht in our WUMMM Weekly Podcast.
But what exactly is changing? What does this mean for users and companies? What data from WhatsApp will be used for what? What does Facebook do with WhatsApp’s data? These questions were answered by Dr. Carsten Ulbricht, a lawyer specializing in social media, in our WUMMM Weekly Podcast.
The primary goal of the changes is not to pass on Facebook data, but to expand the possibilities of use for companies and the topic of shopping.
By agreeing to the new T&Cs, the user now grants, among other things, that certain data may also be shared with Facebook companies and Facebook service providers to connect WhatsApp with other Facebook company products; to ensure the security and integrity of all Facebook company products; and to improve ad and product experiences with respect to Facebook company products.
The information includes, for example:
- account registration information (such as your phone number)
- transaction data
- service-related information
- information about how you interact with others (including other companies)
❗ However, this exchange of metadata is not new and also does not affect users within the EU, as the GDPR (General Data Protection Regulation) applies here on the one hand and the agreement with the EU antitrust authority on the takeover of WhatsApp by Facebook in 2014 prohibits data sharing on the other.
WhatsApp once again directly and concretely comments on the public and media criticism (Source: https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy)
Due to misleading reports, Niamh Sweeney (Director of Policy for WhatsApp, EMEA) also spoke out very clearly on Twitter and clarified the situation:
— Niamh Sweeney (@NiamhSweeneyNYC) January 7, 2021
3/5 There are no changes to WhatsApp’s data-sharing practices in the Europe arising from this update. It remains the case that WhatsApp does not share European Region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or ads.
— Niamh Sweeney (@NiamhSweeneyNYC) January 7, 2021
In a FAQ article, WhatsApp explains the T&C changes and the implications for businesses: The T&C changes primarily affect WhatsApp’s expanded offering for businesses. Here, the change in the WhatsApp T&Cs is intended to provide security. Specifically, it is about the Facebook hosting service, the new options such as stores and shopping carts on the topic of conversational commerce via WhatsApp and how users communicate with companies via WhatsApp.
What is changing with the WhatsApp T&C changes?
A) This does not change in the WhatsApp T&Cs.
The privacy and security of your personal messages and calls do not change. They are protected by end-to-end encryption and neither WhatsApp nor Facebook can read or listen to them. WhatsApp / Facebook will never weaken or soften this security. In addition, WhatsApp / Facebook will mark each chat to inform you about our commitment.
B) Here’s what’s changing with WhatsApp TOS
WhatsApp / Facebook are working to better support over 175 million people who exchange messages with businesses every day. These updates are about optional enterprise features. They are part of our broader efforts to make communicating with businesses safer, better and easier for everyone. The updates are about the following, among other things:
- Enabling customer service: Many customers would like to chat with a business to ask questions, purchase products, or get helpful information such as payment receipts. WhatsApp / Facebook would like to facilitate chats with businesses that may be using Facebook business products.
- Discover a business: often businesses are discovered on Facebook or Instagram through their ads. These may contain a button that allows interested people to send a message to the company via WhatsApp. When you click on such an ad, just like other ads on Facebook, this can be used to personalize the ads you see on Facebook.
- Shopping Experiences: Many people store online, especially now with the current restrictions. Some businesses that have a store on Facebook or Instagram can embed it on their WhatsApp business profile. This way, you can view a company’s products on Facebook and Instagram and shop directly from that company in WhatsApp. If you want to interact with stores, we’ll tell you in WhatsApp how your data is shared with Facebook.
💡 So it’s less about private communication with friends and family on WhatsApp, but more about communication between customers and companies via WhatsApp. Service providers such as MessengerPeople ensure the GDPR-compliant use and processing of this data.
👍 Read more about WhatsApp data protection for businesses in our editorial WhatsApp and data protection in customer communication – Everything you need to know!
No! Like Threema or Signal, WhatsApp uses end-to-end encryption, which means that the data to be transmitted is encrypted on the sender’s side and only decrypted again on the recipient’s side. If you don’t believe WhatsApp / Facebook, you are welcome to read the statement of the State Data Protection Commissioner of Saarland:
The end-to-end encryption used in this process was, in our assessment, state of the art, so that it can be assumed that it is technically ensured that WhatsApp does not obtain knowledge of the content of the communication between the citizen and the municipality.
Source: The Saarland State Commissioner for Data Protection and Freedom of Information
No, as already described above, WhatsApp only has meta data. The data exchange with Facebook is also excluded by the GDPR (at least for EU citizens)!
In “a few weeks” this notice should appear permanently, WhatsApp writes in a specially created blog post on the questions of what happens if you do not agree. If the permanent reminder is there, some functions can no longer be used. Initially, access to chats is denied, but voice and video calls can still be accepted. Messages can still be read via notifications. Again, a few weeks later, WhatsApp no longer works.
The “weeks”, i.e. the duration, varies – which people can write messages for longer remains unclear.
WHICH MESSENGER SCORES WHERE? Original Source: Vice
Basically, there’s a distinction between data privacy and data security. Data protection is about what the company is allowed to do with the data. Here, Signal and Threema are certainly much more transparent and economical. However, they are not necessarily more secure. Signal and WhatsApp, for example, have the same End2End encryption. Telegram, on the other hand, does NOT have standardized end2end encryption and is also far from better than WhatsApp when it comes to data protection!
Data security is about what the company has to ensure technically that nothing unlawful happens to the data. This is about whether your data could be hacked at some point and then sold on the darknet, for example. From Playstation to Netflix, LinkedIn to credit cards or pipeline operators, such data leaks are
I rate the data security of WhatsApp relatively high.
Attorney Dr. Carsten Ulbricht in our WUMMM Weekly Podcast.
It only becomes critical with smaller providers like Signal, Threema, Telegram, etc: In the case of these, the question arises for the reader as to which messengers are most likely to rely on additional sources of revenue – and that is probably not the marketing giant Facebook in the first place.
“At the same time, the app also has to cover its own costs, pay its staff and maintain its technical infrastructure. And then it occurs to them that they can also serve another market with the data that is fed to them daily by their users.”
Messenger researcher Roland Schilling
No, as a private person you cannot be warned off, because you are not subject to the GDPR as a private person. However, companies must look for a DSGVO-compliant software solution!
There are also always misunderstandings when using WhatsApp for businesses, especially because most “data protection experts” here check the normal WhatsApp app for DSGVO compliance.
With regard to WhatsApp, many data protection officers in companies are at the level of 3 years ago!
Attorney Dr. Carsten Ulbricht in our WUMMM Weekly Podcast.
Companies should use the WhatsApp Business API to communicate DSGVO compliant to their customers! This prevents the transfer of data directly to WhatsApp!
Use WhatsApp & Co. with MessengerPeople in a privacy-compliant way:
- AVV with service provider
- No data to WhatsApp
- German server
- Roles & rights for employees
- Deletion concepts
- Data protection officer
- AGB queries for customers / user consent
With our software solution, you can use WhatsApp in a data protection-compliant and scalable way. We take care of GDPR-compliant data storage and processing and work with you to ensure that your Messenger service is legally compliant.
The Messenger Communication Platform is immediately usable and browser-based. It offers all the necessary features for efficient customer communication. You can process and answer all messages centrally, regardless of the messenger. The requests can be assigned to colleagues manually as tickets or automatically via auto-routing.
Our Chatbot Builder helps you and your company to make customer dialogue even more efficient with targeted automation via bot, for example when it comes to pre-qualifying a customer and their inquiry.
You can get a first impression of our product here:
You can always participate in our free webinars. They will guide you through the product and give you tips on content and strategy for your customer service via Messaging Apps. How about the WhatsApp webinar for successful implementation and use?