WhatsApp privacy policy tweaked in Europe after record fine

WhatsApp logo on a phone being held in a hand

WhatsApp is rewriting its privacy policy as a result of a huge data protection fine earlier this year.

Following an investigation, the Irish data protection watchdog issued a €225m (£190m) fine – the second-largest in history over GDPR – and ordered WhatsApp to change its policies.

WhatsApp is appealing against the fine, but is amending its policy documents in Europe and the UK to comply.

However, it insists that nothing about its actual service is changing.

Instead, the tweaks are designed to “add additional detail around our existing practices”, and will only appear in the European version of the privacy policy, which is already different from the version that applies in the rest of the world.

“There are no changes to our processes or contractual agreements with users, and users will not be required to agree to anything or to take any action in order to continue using WhatsApp,” the company said, announcing the change.

The new policy takes effect immediately.

In January, WhatsApp users complained about an update to the company’s terms that many believed would result in data being shared with parent company Facebook, which is now called Meta.

Many thought refusing to agree to the new terms and conditions would result in their accounts being blocked. In reality, very little had changed. However, WhatsApp was forced to delay its changes and spend months fighting the public perception to the contrary.

During the confusion, millions of users downloaded WhatsApp competitors such as signal.

Writing about the new tweaks required by the Irish Data Protection Commissioner (DPC), WhatsApp directly addressed those kinds of concerns. “This update does not change how we process, use or share user data with anyone, including Meta, nor does it change how we operate our service,” it wrote. And “users will not be required to agree to anything new or to take any action in order to keep using WhatsApp”, it added.

The company was also keen to stress that its service is, and continues to be, end-to-end encrypted, meaning messages can only be read by the sender and recipient. The new privacy policy contains substantially more information about what exactly is done with users’ information, and how WhatsApp works with Meta, the parent company for WhatsApp, Facebook and Instagram.

The fine handed to WhatsApp in September was the result of a years-long investigation into whether the social media giant was transparent enough about how it handles user information.

The Irish DPC had originally found against WhatsApp in some areas and not others, and proposed a fine of between €30m-50m. But after it consulted with other EU nations’ regulators as part of the process, it reassessed the amount.

Only Amazon has been issued a larger GDPR fine. WhatsApp continues to appeal against the decision, saying it believes that it had always provided the required information to its users.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s