In short, the change describes how users’ data – including device type, general location, and language – would be shared with Facebook, which acquired WhatsApp back in 2014 and appears keen to use the platform for future data-driven e-commerce initiatives.
A handful of in-depth recaps explain the changes in greater detail, like this overview from Gizmodo. However, one of the most concerning impacts of this development is not so much a particular policy change but rather the trend it illustrates: for users in the United States and other countries lacking strong privacy regulation, their data protection is left to individual companies’ policies. Without federal laws to guarantee a legal baseline for users’ privacy protection, companies must intentionally enact a long-run commitment to informing users of how the processing of their data could evolve over time. Later in this piece, we’ll share a few recommendations on how this can be done.
Unpacking the fallout from the updated WhatsApp policy and charting more effective privacy initiatives require a commitment to delivering relevant information to users in an accessible way. Maintaining user loyalty is hard. It becomes significantly harder when the data relationship between user and platform is modified without transparent communication, and ultimately, respect for the end-user’s position. From WhatsApp’s case, there are plenty of lessons to be gleaned on how that relationship should be managed. In short: unclear communication creates confusion, which rapidly snowballs when there is no legal framework that guarantees users’ privacy protections. In the absence of such laws, millions of WhatsApp users around the world are understandably concerned.
These concerns undercut trust in a business like WhatsApp. And trust in businesses is a massive factor in consumers’ behavior: 89% of consumers express concerns about the protection of their personal information, and 75% of shoppers will prioritize brand trust over price when purchasing a product
Privacy policies, never having been considered light reading, have actually become over 25% longer and measurably more difficult to read since the enactment of GDPR, in a survey of some of the largest tech platforms. Considering that these opaque policies also apply to those not afforded GDPR protections, businesses must do better to inform users of their privacy protections.
Trust in a brand is cumulative and gradual. In the absence of a federal privacy law (though one might be not far off in the United States), businesses must prioritize user privacy as a long-term commitment. Updates to privacy policies are often healthy and necessary. Following these three recommendations can reduce the risk that you catch users by surprise and help you grow your customers’ trust.
Ethyca’s VP of Engineering Neville Samuell recently spoke at the University of Texas at Austin’s Texas McCombs School of Business about privacy engineering and its role in today’s digital landscape. Read a summary of the discussion by Neville himself here.
Learn more about all of the updates in the Fides 2.24 release here.
Ethyca’s Senior Software Engineer Adam Sachs goes through the thought process of creating Fideslang, the privacy engineering taxonomy that standardizes privacy compliance in software development.
Learn more about all of the updates in the Fides 2.23 release here.
Our Senior Software Engineer Dawn Pattison walks you through implementing data minimization into your business.
Learn more about all of the updates in the Fides 2.22 release here.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo