Saturday May 15, 2021 sees the arrival of a new update to the WhatsApp Terms of Service. Postponed following the debate that it provoked last February, this renewed policy is not without consequences for the lives of companies and their employees. Certain risks may appear, both at legal and technical level.
Is the GDPR strictly observed?
The question here is to know, on the one hand, whether the provisions of these conditions and of the confidentiality policy comply with the law applicable in Europe, in this case the GDPR; on the other hand, if these provisions respect in concreto the principles to which they are committed. It is on this last point that the personal data control authorities in each EU Member State come into play. Here we find the notion of “free and informed” consent, at the heart of the European doxa.
New behaviors to adopt?
What behavior to adopt in such a context? In business as elsewhere, the first could be to refuse this new confidentiality policy altogether. In this case, the consequences are clear. As WhatsApp states in its new regulations, “ for a short time you will be able to receive calls and notifications, but you will not be able to read or send messages from the app “. This is where the shoe pinches because after 120 days of inactivity, WhatsApp accounts are generally deleted … But this provision could be subject to legal debate if we consider that Whatsapp is forcing here and therefore vitiates the consent of its users. users. Thus, especially if data processing has several purposes, people must be able to freely choose those for which they consent. On this point, the CNIL ensurese. It has already had the opportunity to sanction Google on this subject for the violation of this principle (Deliberation SAN-2019-001 of January 21, 2019) …
In the event that a business decides to adopt WhatsApp as a business messaging system, data privacy will be a priori respected (WhatsApp does not a priori store its messages on its servers, except for exceptions listed in its policy). From this point of view, the use of messaging therefore does not pose a major difficulty … unless a malicious software were to directly infect your device or an employee inadvertently forwarded a confidential professional message to a third person in his circle. private! This enlightens us on two points: on the one hand, the need to protect professional devices, particularly smartphones and tablets; on the other hand, the vigilance that it will be advisable to always have from now on vis-à-vis the use of WhatsApp, messaging with which we are used to increasing the number of private exchanges. To what extent would it be necessary here to encourage the use of two different laptops? This question deserves to be asked.
Ban sensitive information on WhatApp?
All this pleads in favor of the establishment, within the company itself, of a policy of use. This is particularly true for SMEs, where the WhatsApp Business application could be called upon to play a major role in terms of links with customers.
A tip for general managers: it will undoubtedly be advisable to ban the sharing of sensitive information via WhatsApp messaging because a company does not control the destination of the data which is stored on each personal smartphone of its employees. Remember: during 2020, instant messaging made the mistake of allowing search engines to access pages containing invitation links and personal information of WhatsApp groups, when these should not have been be indexed… An episode that illustrates the risks of leaks.
Does this change in WhatsApp’s privacy rules signify a major change? Not necessarily when you consider that our data is always prey over which cybercriminals hover. In addition, we observe that the notion of “free and informed” consent remains at the heart of the concerns of regulatory authorities such as the CNIL.
But the debate is not useless for all that. It is there to make companies even more aware of the misuse that can be made of their confidential data. An acculturation which seems to us more necessary than ever, and calls each of us to our duties of conformity and vigilance!