As most people already know, WhatsApp tried to give many of its users (EU based users excluded) a new year present – the new Privacy Policy (“Policy”) which would enable this company to share certain data with third parties (read: mainly Facebook, its parent company).
This caused a great storm in public opinion, as well as highly reasoned debates among lawyers, especially those involved in technology law and data protection. This Policy did not provide users with the possibility of compromise – it can either be accepted in its entirety, or their respective account would be deleted. Unsurprisingly, the WhatsApp users did not like this type of conditioning. And so, their odium to the new Policy, and therefore to the app itself, was huge.
The users have spoken, and WhatsApp listened, it seemed. Taking into account the justifiably negative reactions, WhatsApp proposed delaying the start of implementation of the new Policy from February 8th to May 15th. Nevertheless…
Let’s go back in time for a minute
Facebook owns WhatsApp
Not few people were incredibly surprised when Facebook announced the purchase of WhatsApp in February 2014. That surprise was rather caused by its purchase price. When Facebook announced its plans to acquire WhatsApp, WhatsApp’s founders attached a purchase price of $16 billion: $4 billion in cash and $12 billion remaining in Facebook shares. Yet, this price tag was dwarfed by the actual price Facebook has ultimately paid: $21.8 billion, or $55 per user.
Some numbers, to provide context: WhatsApp’s six-month revenue for the first half of 2014 totalled $15.9 million and the company incurred a staggering net loss of $232.5 million, though most of that loss was for share-based compensation. If we contrast those amounts to the purchase price, we conclude that Facebook, apparently, knew something we did not.
That something happened to be user growth. In 2014, over 500 million people used WhatsApp monthly and the service added more than 1 million users per day. 70% of WhatsApp users were active daily, compared to Facebook’s 62%. Additionally, WhatsApp users sent 500 million pictures back and forth per day, about 150 million more than Facebook users. Now, if you share the data of such a growing number of WhatsApp users with Facebook and then use Facebook’s advertising algorithm – poof, the sky is the limit!
This partly explains the statement of WhatsApp’s co-founder, Brian Ecton, who in 2018, referring – among other things – to the reasons that led him to tweet the recommendation to users to delete Facebook from their devices, stated the following:
“I sold the privacy of my users to Facebook for my own higher interest, making a compromise that has haunted me every day since.”
Being haunted is not genuinely nice (yes, ghosts occurred to me, too).
Double standards
Regardless of the global implementation of the Policy, WhatsApp users located in the European Union have been notified differently of these changes thanks to much stricter privacy legislation. Hence, users in the 27 European EU member states will be spared of sharing their data with third parties.
And what about the other users, outside of the EU? How did WhatsApp treat them? Let us see on the example of the Republic of Serbia (“Serbia”).
The users in Serbia, which is not a member of the EU, were not exempted from the new Policy on the day of writing of this blog. This would not be much of a problem if Serbia were not a country in the process of joining the EU, through which it had adopted different legal acts that are as harmonized as possible with the EU regulations. Specifically, these include acts governing personal data protection which are directly modelled on the EU privacy laws. In short, Serbian Law on Personal Data Protection is largely sculptured on the EU General Data Protection Regulation (GDPR) basis. And yet despite the provisions being so similar, it seems that with the passing of the Policy, WhatsApp did not care much for users of their app in Serbia. Was WhatsApp more guided by principles of political interest and exempted from the application of the Policy only users from EU countries, classifying the Republic of Serbia as a “third country”, despite the fact that the privacy of Serbian citizens is protected in a modern – “EU fashioned” way. It seems that WhatsApp did not dig any deeper to see if privacy legislation is effectively the same in Serbia and EU countries, but rather went along with the mainstream attitude – if not full-fledged member of the EU, your legislation is not important.
What I have noted, as a member of the Serbian society, is that most Serbians are rather inactive when it comes to leakage of their personal data caused by Big Tech privacy breaches and/or implementing unjustifiable rules for using their services. Globally, Facebook is accused of different privacy leaks. We all remember when Facebook’s CEO Mark Zuckerberg had marathon hearings before the US Congress answering tough questions on the company’s mishandling of data. Facebook’s problems pile up in Europe as well as this social giant faced a raft of new regulations and sanctions. Europe, too, enters the time of reckoning for Big Tech. The case of Seznam.cz and Google is a good example. Namely, local browser in the Czech Republic, named “Seznam.cz” had claimed 9.072 billion crowns ($417 million) in damages from Google at the end of last year, alleging that the U.S. giant restricted competition. Seznam said Google abused a dominant position on the Czech market with licensed operating systems and application stores for smart devices equipped with Android operating system. Apparently, Czech regulators did it job quite well.
Will we see a change of heart amongst the Serbian users any time soon? Or a change in the approach of the Serbian regulators?
Let’s face it, Facebook (and other Four Horsemen) are frequent violators of privacy and other regulations in (most probably) every continent and every country they exist in. It is the attitude of Serbs towards such breaches and violations in Serbia which is unacceptable, and which is an enigma to me as a Serbian citizen. There is just no monitoring and neither punishing of the Big Tech in Serbia. The same attitude was present when the subject Policy was announced. Serbia may formally be a third country yet, but in principle, the laws are mostly the same as in EU countries. That said, should not we have the same treatment? I wonder when we will wake up, become aware when someone breaches our rights and start fighting for them.
What does the biggest competition (read: Viber) say?
“User privacy has been literally trampled through a recent update to the WhatsApp app. In this way, one of the most important rights of users is completely marginalized, and I am afraid that this infamous record in disrespect for privacy will soon be surpassed by the same actors. This makes us even more proud of Viber’s principled attitude towards maintaining the privacy of data and communication of its users, and I take this opportunity to invite all people who do not see themselves as a source of data for sale on the open market to make their correspondence and calls via Viber”
said Jamel Agaua, general manager of the Rakuten Viber.
Pretty direct, right?
Let’s talk about numbers
Two other applications, which are the most talked about in connection with alternatives to WhatsApp, Signal and Telegram, have seen a sharp increase in the number of users since WhatsApp set new privacy rules.
Data from the app analysis company Sensor Tower shows that Signal was downloaded from Google and Apple stores more than 17 million times from January 5th to January 12th, while in the week before that it was downloaded only 285,000 times.
That is some skyrocketing increase!
At the same time, Telegram was downloaded 15.7 million times.
There are alternatives to WhatsApp (via RepublicWorld.com)
On the other hand, the number of downloads of the WhatsApp dropped to 10.6 million, from 12.7 million a week earlier.
That says a lot about the global attitude of users towards the Policy.
A glimmer of hope
The fact that users around the world (unfortunately not many of them from Serbia), showing awareness of the importance of their personal data, raised their voices against this Policy, as well as that Facebook-owned WhatsApp delayed the start of implementation of the new Policy from February 8th to May 15th, also indicates that the protection of personal data is a global issue and that vox populi is more powerful than any data protection regulation. Not yet in Serbia, though.
If nothing else, this reaction is an indication that the notion of personal data is no longer foreign to the common people, and that education on this issue has been fruitful.
In the end, it is the acquaintance of people with their own rights that is the best guarantor of the realization of those rights. Today it was data privacy. Tomorrow it could be any other topic.
It is important to keep learning.
Luka Jagic is a business-oriented lawyer with a passion for technology law and personal data protection. He tries to be the link between law and business. Loves sports, history and travelling. A proud roommate of two amazing dogs.