Skip to main content
Legal Advice Centre

Social Media Privacy: Facebook’s acquisition of WhatsApp

Recently, online social networking platforms such as Facebook and WhatsApp have expanded exponentially. The massive influx of personal information that has become available online and stored has put user privacy at the forefront of discussion.

Published:

The extent to which users and social media platform administrators can access user profiles has become a new topic of ethical consideration; privacy violation is a critical concern in the technological age.

The Origin of WhatsApp

WhatsApp is a messaging app which was created in 2009 by two former Yahoo employees, Brian Acton and Jan Koum. The application appealed to users as a free alternative to the mobile provider’s traditional text messaging platform (SMS).

In particular, the USP (Unique Selling Proposition) or the unique feature of this messaging system, is its end-to-end encryption technology. It works by ensuring that a message is encrypted on the sender’s device, sent to the recipient’s device in an unreadable format, then decoded upon opening the message so that only the recipient can read the message. This ensures that all the contents in chats are secured by default.

Facebook’s Acquisitions

Facebook has undertaken mergers and acquisitions as a way to diversify its portfolio. Its first acquisition was Parakey in 2007. Since then, the company has continued to buy other sites, such as FriendFeed (2009), Octazen (2010), among others.

Following these purchases, it acquired Instagram, the photo and video sharing app, in 2012 for $1 billion (around £722.5 million). This was a significant turn in the tide for Facebook’s fortune. Their further reach was consolidated in 2014, when it acquired WhatsApp for $22 billion (approximately £16 billion), their largest acquisition by far.

WhatsApp’s New Privacy Policy and its Relation to Facebook

Earlier this year, WhatsApp started releasing pop-up messages with its new terms and privacy policy, highlighting its reservation of the right to share the data it collects about users with Facebook, WhatsApp’s parent company.

The policy further states that “WhatsApp may use the information it receives from Facebook, and vice versa, to help operate and improve their offerings”.

In fact, being a WhatsApp user means that you are a Facebook customer, and while the two services operate for different purposes, they are now linked by the sharing of data.

Taking effect from 8 February 2021, the pop-up asked users to agree and accept the new terms. It mandated that users would have no choice but to agree to their new policy if they wish to continue using WhatsApp’s services.

Collection of data includes information such as battery level, signal strength, app version, browser information, mobile network, connection information, language, time zone, IP address and device operations.

Fearing that the disclosure of such information may give the organisation access to their private life, it has sparked massive distress and privacy concerns among the public.

How Does WhatsApp’s New Privacy Policy Correlate with Data Protection Laws in the UK?

International Data Privacy Law: General Data Protection Regulation (GDPR)

The GDPR is the most important legislation enacted to date by the EU about data protection. It imposes obligations upon companies such as the six data processing principles which data controllers (individuals or companies who determine the purpose and means of personal data processing) must comply with.

These principles ensure that personal data is:

  1. processed lawfully, fairly and transparently;
  2. collected only for specific legitimate purposes;
  3. adequate, relevant and limited to what necessary;
  4. accurate and, where necessary, kept up to date;
  5. stored only as long as is necessary; and
  6. processed in a manner that ensures appropriate security.

Data Protection Post-Brexit

Following Brexit, the UK enacted its own version of the EU GDPR under the European Union (Withdrawal Agreement) Act 2020.

The UK GDPR came into force at the end of the Brexit transition period on 1st January 2021. It is supplemented by the Data Protection Act 2018 which applies the GDPR’s provisions to certain types of processing that are outside the Regulation’s scope, including processing by public authorities.

There are now two GDPRs: The EU GDPR and the UK GDPR. However, they place similar obligations on data controllers and processors.

These rules apply to both companies and organisations based in and outside the EU who offer services in the EU and the UK, such as Facebook, whenever these companies request the personal data of individuals.

Facebook mentioned that, like other companies, it had to make changes in response to Brexit. However, there will be no change in the privacy controls, or the services Facebook offers to people in the UK. Therefore, UK data protection will continue to apply even post-Brexit.

WhatsApp Legal Info

WhatsApp’s privacy policy mentions that under applicable data protection law, there must be a legal basis for companies to process user data. The law provides six legal bases for processing under Article 6 of the UK GDPR: consent, contract, legal obligation, vital interests, public task and legitimate interests.

From this legal basis, UK users have a “right to object” if their data is used for direct marketing, as a result of Article 21 of the UK GDPR granting them these rights.

Moreover, it is important to note that, unlike users from other countries like the US, EU and UK, users were not forced to accept the new terms or face permanent account deletion. This is because European countries enforce a specific privacy protection law, the GDPR, which gives them the “right to object”. In fact, WhatsApp’s new privacy policy includes promoting the sales of businesses which goes against the legal basis for companies to process user data.

How to protect your privacy online?

Opt Out of App Tracking

You can prevent applications having access to your personal information by opting out of the application tracking information, including location.

Review Privacy Policies Carefully

We have a tendency to agree to terms and conditions without even reading them and this is something that has to be done. Always take a look at the document you are agreeing to.

Access the Internet Via VPN

A VPN (virtual private network) routes your online activity through an encrypted virtual tunnel which allows you to keep your IP address and location private.

Conclusion

In 2013, the Pew Research Centre found that “60% of teenage Facebook users have private profiles”. This proves that privacy is something that people still wish to obtain and thus are migrating towards alternative applications such as Signal. Founded in 2018, it includes a mechanism by which users can independently verify the identity of their contacts and the integrity of the data channel. It uses standard cellular telephone numbers and secures all communications with end-to-end encryption. Thus, Signal is gaining traction and has paved a way to become a viable competitor to WhatsApp.

In conclusion, online privacy has become an important matter. While people believe that they have no control over the data collected by private companies, a new right has recently emerged; “the right to be forgotten” and request to keep your personal information safe. It is important to always take the right precautions to avoid any invasion of our privacy.

Sources

By Saumya Garg and Sheryl Selouan, LLB Law students at Queen Mary University of London

 

 

Back to top