Behind WhatsApp’s splashy privacy push

During the AFC Championship game, WhatsApp made its first U.S. ad buy. It used an overly intrusive mailman to highlight the privacy risks of SMS. As someone who is obsessed with data privacy, I was thrilled to see it take center stage. It was a fantastic commercial in all the right ways– except one. The messenger was wrong. I could buy in if the ad were released by a company with a historically strong record on data privacy, like Apple, but certainly not WhatsApp, which is owned by Meta. 

Some perspective

WhatsApp is the most popular messaging app in the world, with more than 2 billion users across 180 countries. But it lacks traction in the U.S., its home market, where consumers still rely most heavily on SMS (insecure) and iMessage (secure, but Apple-bound). Facebook Messenger (Meta-integrated) and to a lesser extent, Snapchat (ad-supported) and Signal (highly secure) also lead WhatsApp. From this perspective, it makes a lot of sense for WhatsApp to make a big privacy push.

As a bit of an unknown to millions of American consumers, WhatsApp has an opportunity to brand itself however it sees fit, which now includes a nod back to its roots – privacy. This works to Meta’s advantage as it seeks to revamp its image due to its privacy failings. But, things don’t quite add up if you take a closer look.

WhatsApp started as a better alternative to SMS in 2009 – it gets credit for encryption and ensuring private conversations. But while the company may have wanted to support additional security and privacy features and it rejected ad models as an independent company — as it matured — it put user features such as sending media and push notifications first.

Unsurprisingly, after its 2014 acquisition by Facebook, the focus tilted even more toward usability features like in-app calling, rather than on security or privacy, to compete with Viber (first with calling), Line (first with stickers) and more. This delayed WhatsApp’s introduction of two-factor authentication and end-to-end encryption until 2016. 

Things that make you wonder

Then came the big privacy walk-back. Previously, WhatsApp announced a change to its privacy policy in January 2021. This change would allow numerous data points to be shared with the businesses and third-parties WhatsApp and Facebook had ad targeting agreements with. Users who did not agree with the new terms would have their accounts deleted. 

First off, many users did not realize Facebook, a company with a weak data privacy record, already had access to a fair amount of WhatsApp metadata, such as phone numbers and information about their devices. Then to hear that even more metadata could be mined, shared and sold for ad targeting, was a bit of a gut punch to those paying attention. Millions turned their backs on the service, which caused WhatsApp to delay its full policy change by several months.

The changes finally rolled out in May 2021, when WhatsApp felt the brouhaha had died down sufficiently enough. The hope was that in the interim, users would become more reliant on the service and thus more accepting of terms that they didn’t like. But all has not been smooth sailing since. 

The data privacy rules in Europe are much stricter than in the U.S. As such, WhatsApp was fined €225 million ($267 million) in September by Ireland’s privacy watchdog for breaching EU data privacy rules.

To put this in perspective, only Amazon has ever been fined a larger amount. At issue: WhatsApp failed to tell European users how their personal information is collected and used, as well as how WhatsApp shares data with Facebook. Also in September, ProPublica released a rather damning report about how WhatsApp’s end-to-end encryption was perhaps not all it was cracked up to be. 

Taking this into consideration, as well as the litany of data privacy issues Facebook has faced in its rights, WhatsApp is not a champion of data privacy. It is also no coincidence that WhatsApp aligned with Meta for its campaign, erasing any residual association with Facebook’s questionable privacy record and voila! A new branding opportunity was born.

Don’t shoot the messenger

Why would Meta/Facebook adopt such a strategy for one of its prize properties? 

Every move Meta makes is by design. For its long-term plan of creating a uniform messaging platform to come to fruition, it has to gain regulatory approval. Yet, the appetite to break the company up has never been stronger. Meta has been forced to lay its cards down in front of the U.S.’s own watchdog, the Federal Trade Commission (at least to a certain extent).

Meta is required to show the FTC how the companies are intertwined yet not anticompetitive, how they work together to improve an experience by integrating the services that people want, like allowing an Instagram account to communicate with someone who has a WhatsApp account.  As a result, the company has cobbled together this massive entity in an effort to own the messaging conversation and it’s using an old marketing message of end-to-end encryption to boomerang back.

By adopting a privacy message that fits with WhatsApp, Meta can present a mea culpa of sorts. It can claim it’s heard the privacy concerns and has taken steps to remedy them. Do not be fooled. It is just a message; they’re not actually doing anything different from what they have in the past. It’s not setting some kind of privacy standard.  

This leaves us all in a bit of a precarious position. Meta can’t turn back. Thus, WhatsApp can’t either. So, we are stuck in a model of privacy-veiled surveillance capitalism. Coined by Harvard Business School professor emerita, Shoshana Zuboff, surveillance capitalism is an economic system based on predictions of human behavior and analysis of our experiences according to data shared in online interactions. These interactions are then monetized by the companies enabling them. 

Zuboff describes the present conundrum perfectly, saying, “Demanding privacy from surveillance capitalists or lobbying for an end to commercial surveillance on the internet is like asking old Henry Ford to make each Model T by hand. It’s like asking a giraffe to shorten its neck, or a cow to give up chewing. These demands are existential threats that violate the basic mechanisms of the entity’s survival.”

Sounds a bit disheartening. WhatsApp can only go so far in its boomerang back to a strong privacy stance – but we are seeing new signs of transparency and commitment with its privacy advisory amid the war in Ukraine (Signal’s strong reputation on security precedes it in Ukraine, while WhatsApp is still trying to earn marks). Meta still is not likely to move much further along the data privacy spectrum with ongoing consistency, however, unless compelled to do so by the governments. While new legislation is certainly a possibility,  it will likely take some time to enact and even more time to enforce. 

In the interim, consumers have a decision to make. They’ll have to look beyond snappy marketing campaigns, get savvy about what’s happening with their data and prepare to exit platforms they may know and love, or they’ll have to be ok with data privacy practices that are part of a surveillance capitalism system. The choice is up to them.

Daniel Barber is the CEO and cofounder of DataGrail.