In the few short days since its unveiling, WhatsApp’s updated Privacy Policy has provoked widespread backlash, including a request from the Indian government to withdraw the changes entirely.
In the few short days since its unveiling, WhatsApp’s updated Privacy Policy has provoked widespread backlash, including a request from the Indian government to withdraw the changes entirely.
In short, the change describes how users’ data – including device type, general location, and language – would be shared with Facebook, which acquired WhatsApp back in 2014 and appears keen to use the platform for future data-driven e-commerce initiatives.
A handful of in-depth recaps explain the changes in greater detail, like this overview from Gizmodo. However, one of the most concerning impacts of this development is not so much a particular policy change but rather the trend it illustrates: for users in the United States and other countries lacking strong privacy regulation, their data protection is left to individual companies’ policies. Without federal laws to guarantee a legal baseline for users’ privacy protection, companies must intentionally enact a long-run commitment to informing users of how the processing of their data could evolve over time. Later in this piece, we’ll share a few recommendations on how this can be done.
Unpacking the fallout from the updated WhatsApp policy and charting more effective privacy initiatives require a commitment to delivering relevant information to users in an accessible way. Maintaining user loyalty is hard. It becomes significantly harder when the data relationship between user and platform is modified without transparent communication, and ultimately, respect for the end-user’s position. From WhatsApp’s case, there are plenty of lessons to be gleaned on how that relationship should be managed. In short: unclear communication creates confusion, which rapidly snowballs when there is no legal framework that guarantees users’ privacy protections. In the absence of such laws, millions of WhatsApp users around the world are understandably concerned.
These concerns undercut trust in a business like WhatsApp. And trust in businesses is a massive factor in consumers’ behavior: 89% of consumers express concerns about the protection of their personal information, and 75% of shoppers will prioritize brand trust over price when purchasing a product
Privacy policies, never having been considered light reading, have actually become over 25% longer and measurably more difficult to read since the enactment of GDPR, in a survey of some of the largest tech platforms. Considering that these opaque policies also apply to those not afforded GDPR protections, businesses must do better to inform users of their privacy protections.
Trust in a brand is cumulative and gradual. In the absence of a federal privacy law (though one might be not far off in the United States), businesses must prioritize user privacy as a long-term commitment. Updates to privacy policies are often healthy and necessary. Following these three recommendations can reduce the risk that you catch users by surprise and help you grow your customers’ trust.
Ethyca hosted its second P.x session with the Fides Slack Community earlier this week. Our Senior Software Engineer Thomas La Piana gave a live walkthrough of the open-source privacy engineering platform, Fides 2.0. He demonstrated how users can easily deploy Fides and go from 0 to full DSR automation in less than 15 minutes. If you weren’t able to attend, here are the three main points addressed during the session.
Introducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Get a Demo