WhatsApp and Facebook data sharing – still questions to be answered

The recent news that WhatsApp will be sharing user information with Facebook has been greeted with concern by both privacy groups and the media.

Having long campaigned for companies to be open about their data sharing practices, it would be churlish of us to not acknowledge that WhatsApp have made efforts to do so, signalling to all through a well-publicised blog post their main intentions and how to opt out the data sharing.

However there are still clear issues with WhatsApp’s new privacy policy. When first shown the new terms and conditions, a user is presented with a large “Agree” option while the opt out requires clicking through to read more before unchecking a box. The option to opt in, rather than to opt out of the data sharing service would have been preferable.

There is unfortunately still a lack of clarity in the T&Cs about what data WhatsApp will be sharing with Facebook. While the user can opt out from Facebook receiving their phone number from the user themselves, does that prevent a friend from sharing their WhatsApp contacts with Facebook? It is also unclear as to why the option to not share account info is limited to the next thirty days, raising concerns that future users will not even have the option to opt out.

Finally, while WhatsApp has been very keen to stress that their app will not feature third party banner ads, they have still opened users up to being targeted by ads within the app, presumably from businesses that people have been using WhatsApp to communicate with. It isn’t yet clear whether users will be able to opt out of this feature or how intrusive they will be.

WhatsApp have made some efforts to provide users with a choice in their new business model. We would urge them to go further and in every instance say clearly and unambiguously exactly what data is being shared and why. They are halfway there but the lack of detail and honesty about users’ telephone numbers remains a concern. For WhatsApp to set a real example in how best to protect user privacy, they ought to allow people to choose whether they want to opt in to each individual change. Only then will they really be on the right path to creating real trust and transparency with their users.