WhatsApp’s new terms-of-service are causing quite a stir among privacy advocates. Yesterday, the company announced it would begin sharing user phone numbers, profile data, status message and online status with Facebook, its parent company — a change that the Electronic Privacy Information Center (EPIC) claims violates a Federal Trade Commission consent order.
WhatsApp says it needs to share limited data with Facebook to test out new features designed to help users “communicate with business,” such as receiving fraud notifications from a bank or flight delays from airline companies. WhatsApp also maintains that all messages will still be completely encrypted, and unreadable by both Facebook and WhatsApp staff.
Users also have up to 30 days to opt-out of the sharing portion of the new terms-of-service, but according to EPIC, that doesn’t protect the companies from the FTC’s consent order. The order apparently requires the company to obtain an opt-in consent before asking them to agree to the new terms. WhatsApp does technically offer an opt-in option, but it’s not clear how to access it: one must click “read” to view the terms-of-service agreement before the opt-in checkbox appears.
It may sound like privacy groups are splitting hairs, but how user data is handled can have unforeseen legal consequences. It’s not just special interest groups who are concerned — The United Kingdom’s Information Commissioner is also investigating the WhatsApp policy change to ensure it complies with the Data Protection Act. It’s a complicated little mess, but Facebook, at least, is confident it’s on the right side of the law. “WhatsApp complies with applicable laws,” a spokesperson said in a Motherboard interview. “As always, we consider our obligations when designing updates like this.”