Regardless of the announced update, what kind of personal information does Whatsapp currently share with FB, according to its website?

- account+device info
- transaction data
- service-related information
- information on how you interact with others

Basically, all metadata.
Personal data Whatsapp shares with Facebook "may include other information identified in the Privacy Policy section entitled ‘Information We Collect’ or obtained upon notice to you or based on your consent"

Upon 'notice'?

Current non-EU privacy policy:
whatsapp.com/legal/updates/…
According to the current privacy policy for non-EU users, Facebook may use Whatsapp (meta)data for all kinds of extensive digital profiling including for "product suggestions (for example, of friends or connections, or of interesting content) and showing relevant offers and ads".
This data sharing is happening since 2016.

When Facebook acquired Whatsapp in 2014, it told users and US/EU regulators that FB would not combine user data across the services.

This is from the recent antitrust lawsuit of 46 US states against Facebook: ag.ny.gov/sites/default/…
So, Facebook lied to users and regulators.

According to the lawsuit, FB "took great pains to avoid negative press coverage" in 2016.

The Whatsapp founder was told to get not "too much into the weeds on the types of data we’re sharing" and instead prepare some "‘safe’ examples".
In 2014, FB formally told the EU Commission, it would even be *unable* to establish reliable automated matching between FB and WhatsApp user accounts (🙄).

Because of this lie Facebook was fined €110 million in 2017 (still a tiny amount of its profits):
ec.europa.eu/commission/pre…
Can Facebook and Whatsapp be trusted?

No.

As long as fines or other sanctions do not substantially endanger their business, I expect them to continue violating the law, delaying investigations and lawsuits until profits are locked in, and misleading regulators and the public.
Whatsapp provides services under a very different privacy policy to users in the EU and other GDPR countries.

Here's the key paragraph regarding Whatsapp data sharing with FB. Left: global. Right: EU/GDPR.

Digital profiling only for safety and security.
whatsapp.com/legal/privacy-…
I suspect that Facebook has been massively violating the GDPR since 2018 in several respects. The Irish data protection authority has been investigating several FB cases for years and there still isn't any decision since 2018.

Anyway, the GDPR seems to make a difference.
Nevertheless, while Whatsapp doesn't mention ads or other kinds of profiling in the GRPR policy it still states it shares data to "help operate, provide, improve, understand, customize, support, and market" Facebook's services and offerings. Also, safety+security are broad areas.
There's a separate page about data sharing with FB in EU/GDPR countries.

It states that *today* FB does not use Whatsapp data for extensive profiling (aka 'improve product experiences', 'provide ad experiences') bc of discussions with the Irish regulator.
faq.whatsapp.com/general/securi…
This is what they say. I don't trust in what they say, because I don't see GDPR enforcement.

Generally, I don't question their e2e encryption for content, even though @swodinsky has written about Whatsapp's "idea of baking a brand-sized loophole" into it: gizmodo.com/this-was-whats…
Anyway, even if the content of Whatsapp messages is reliably protected, metadata on who people are communicating with, how often, and when, is powerful. Tiny details about which data is being shared matter.

Communication metadata should not be exploited for commercial profiling.
This is not only about 'privacy'.

Tiny details about which data is being shared matter when it's about 2 billion people and when tiny details can decide about network effects, platform power and billions of profit.
I wrote the GDPR seems to make a difference for Whatsapp's EU practices, but completely forgot to mention the ePrivacy directive. Of course, thx @je5perl!

ePrivacy is probably the main reason why Whatsapp is more careful in the EU.

(while the GDPR implements Article 8 of the EU fundamental rights charter and generally protects the rights+freedoms of people when personal data is being processed, ePrivacy basically implements Article 7 and specifically protects the confidentiality of electronic communication)
Btw. @thezedwards pointed to Wit, Facebook's voice/speech recognition subsidiary, which 'may' receive data from Whatsapp and other FB companies for 'business purposes that help us provide you with an innovative, relevant, consistent, and safe experience':

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Wolfie Christl

Wolfie Christl Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @WolfieChristl

14 Jan
This acquisition shouldn't have happened.
It may not primarily be about past body/health data.

But in addition to Fitbit's hw/sw/brand/workforce, it's about ongoing access to future device data and taking control over user+b2b relationships in order to expand Google/Alphabet's intermediary/healthcare/insurance business.
Read 5 tweets
6 Jan
Austrian telco A1 with 25 million customers in Austria, Bulgaria, Croatia, Slovenia, Serbia, North Macedonia and Belarus announces to sell 'insights into the movement of people' based on 'aggregate'+'anonymized' location data via @here's data marketplace:
here.com/sites/g/files/… Image
Exploiting the pandemic to expand on commercial location data business, great.

"Our analytics product, A1 Mobility Insights, has already proven itself to be considerably helpful during the current coronavirus crisis. By joining the HERE Marketplace, we can go a step further" Image
'A1 Mobility Insights' is provided together with invenium.io. According to the FAQ, A1 'replaces' IMSI numbers with daily changing 'random IDs' before sharing data with Invenium.

This would still mean they process (pseudonymous) personal data.
invenium.io/de/blog/2020-1… ImageImage
Read 9 tweets
5 Jan
Letzten März war ich kompromissbereit, was die Auswertung von aggregierten Mobilfunk-Bewegungsdaten für gemeinwohlorientierte epidemiologische Zwecke betrifft. Vielleicht ein Fehler.

Das Schüren von Ressentiments fällt sicher nicht unter diese Zwecke. kurier.at/chronik/oester… Image
Invenium sagt, man nutze Standortdaten von A1 inkl. Bob/Yesss/RedBullMobile und decke damit in AT 43% ab.

Auch wenn "je nach Projektanforderung" eine Gruppierung auf 20 Personen erfolge, werden laut FAQ pseudonymisierte personenbezogene Daten verarbeitet.
invenium.io/de/blog/2020-1… ImageImage
Invenium behauptet, die österreichische Datenschutzbehörde und der TÜV Saarland hätten deren "Anonymisierungsverfahren als datenschutzkonform bestätigt", ebenso eine "Studie der führenden Rechtsexperten der Universität Wien".

Denke, das sollte dringend nochmals geprüft werden.
Read 5 tweets
21 Dec 20
Austria's job center wants to sort the unemployed into three classes. It has never listened to criticism of civil society. Now it's fighting the Austrian data protection authority, who banned the system.

Or, how to *not* handle public-interest algorithms.
derstandard.at/story/20001226…
This legal fight may have implications beyond Austria.

The data protection authority said that while case workers could theoretically modify the system's classifications, they won't have the time+resources to do so, and thus the system actually makes solely automated decisions.
In my opinion, the Austrian job center (AMS) is acting in a reckless+irresponsible manner.

Instead of being an advocate for the unemployed and listening to criticism, it's pushing for technocratic solutionism and is even willing to accept that this may weaken EU data protection.
Read 10 tweets
14 Dec 20
argyle.com, a US startup that aims to aggregate employment records across employers, including data on work activities and reputation, and sell it to recruiters, lenders, insurers. It claims it has already access to 40m records.

This is terrifying + shouldn't exist.
"The short term objective for Argyle is access to 100% of employment records; the reason for fundraising at this moment is to quicken the date of 100% access"

From the company's "funding memo":
notion.so/Argyle-A-Round…

Argyle has raised $20m+ in funding:
crunchbase.com/organization/a…
"We started with building coverage where Equifax has not - in the gig economy"
notion.so/Argyle-A-Round…

US data brokers have been gathering+selling data on work history/salary for decades, which also shouldn't happen. Argyle's sales pitch suggests they want to go far beyond that.
Read 10 tweets
14 Dec 20
Predicio, a French data broker who was caught selling location data harvested from ordinary smartphone apps to the US defense contractor Venntel, also provides 'foot traffic data' in partnership with Aspectum, another US company who sells to law enforcement and homeland security.
Aspectum (aka EOS Data Analytics) claims to provide 'geospatial insight based on cell phone activity and other data sources for a better understanding of local social interaction hazards' such as 'demonstrations, protests, riots, and other mass civil disorder acts', for example.
Sources:
aspectum.com/industry-publi…
aspectum.com/data-on-demand/

As a part of a 'combined offer from Aspectum and Predicio', that 'enables' clients 'to track and analyze human activities', 'foot traffic data' is 'available for selected countries' including the US and most EU countries.
Read 19 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!