In short, the change describes how users’ data – including device type, general location, and language – would be shared with Facebook, which acquired WhatsApp back in 2014 and appears keen to use the platform for future data-driven e-commerce initiatives.
A handful of in-depth recaps explain the changes in greater detail, like this overview from Gizmodo. However, one of the most concerning impacts of this development is not so much a particular policy change but rather the trend it illustrates: for users in the United States and other countries lacking strong privacy regulation, their data protection is left to individual companies’ policies. Without federal laws to guarantee a legal baseline for users’ privacy protection, companies must intentionally enact a long-run commitment to informing users of how the processing of their data could evolve over time. Later in this piece, we’ll share a few recommendations on how this can be done.
Unpacking the fallout from the updated WhatsApp policy and charting more effective privacy initiatives require a commitment to delivering relevant information to users in an accessible way. Maintaining user loyalty is hard. It becomes significantly harder when the data relationship between user and platform is modified without transparent communication, and ultimately, respect for the end-user’s position. From WhatsApp’s case, there are plenty of lessons to be gleaned on how that relationship should be managed. In short: unclear communication creates confusion, which rapidly snowballs when there is no legal framework that guarantees users’ privacy protections. In the absence of such laws, millions of WhatsApp users around the world are understandably concerned.
These concerns undercut trust in a business like WhatsApp. And trust in businesses is a massive factor in consumers’ behavior: 89% of consumers express concerns about the protection of their personal information, and 75% of shoppers will prioritize brand trust over price when purchasing a product
Privacy policies, never having been considered light reading, have actually become over 25% longer and measurably more difficult to read since the enactment of GDPR, in a survey of some of the largest tech platforms. Considering that these opaque policies also apply to those not afforded GDPR protections, businesses must do better to inform users of their privacy protections.
Trust in a brand is cumulative and gradual. In the absence of a federal privacy law (though one might be not far off in the United States), businesses must prioritize user privacy as a long-term commitment. Updates to privacy policies are often healthy and necessary. Following these three recommendations can reduce the risk that you catch users by surprise and help you grow your customers’ trust.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Masking data is an essential part of modern privacy engineering. We highlight a handful of masking strategies made possible with the Fides open-source platform, and we explain the difference between key terms: pseudonymization and anonymization.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Book a Demo