Why should companies share data collected internally

Is WhatsApp a privacy trap? This is what private individuals and companies should know!

WhatsApp is Germany's most popular and most used messenger. Many people know that data protection is critical - but they skilfully hide it. Business users in particular should be aware of how (un) secure their data really is with WhatsApp. Let's take a closer look at the topic in this post!

WhatsApp's popularity limits alternatives

Almost 60 million Germans use WhatsApp every day to exchange ideas. Whether GIFs, cute animal photos, quick voice messages or lively discussions in the WhatsApp group “Family Clan” about Uncle Heinz's new girlfriend - data flies back and forth every second.

What many do not know: WhatsApp is a subsidiary of Facebook. And at this point we could draw the lurid picture of a giant octopus that puts its long arms around all the data and can't get enough of it. Most users' perception is a bit different, however. So it happens that many - despite regular headlines about the lax data protection on Facebook and WhatsApp - are hardly interested in this topic. After all, what good are alternatives such as Threema, Telegram or Signal if almost all family members and friends only use WhatsApp?

WhatsApp collects this data about you

Since you have found this article, you are obviously interested in this topic. You probably want to know more about what WhatsApp is doing with your data - and what about data protection there. The fact is that WhatsApp does not generally access all data, but only so-called metadata. These are:

  • Your phone number
  • when and how often you use the app
  • when you joined WhatsApp
  • Your country code
  • Your network code
  • Information about the device with which you use the messenger
  • Your location, if you have activated it

What many do not know: You can always request a detailed overview of what specific data WhatsApp has collected about you. To do this, go to the settings in the app, select “Account” and there “Request account info”. In a few days you will then receive a detailed overview.

Data protection becomes more critical the more platforms you use besides WhatsApp

Incidentally, the popular Instagram platform also belongs to the Facebook group. And many link their Instagram account to Facebook. If you are using all of these three services, you should keep your eyes open. Because from the data collected from all three networks, Facebook can create a fairly comprehensive user profile about you.

Perhaps you are now thinking: "Then I just won't give my phone number to Facebook and cheat the company like that". What seems particularly clever at first is actually not. Because you probably usually log into Facebook with the mobile device that you also use for WhatsApp. Then Facebook can quickly find out via a simple device comparison that both accounts belong to one and the same person - so and merge the data.

Another data protection problem with WhatsApp is that the messenger synchronizes all contacts from the device's address book. This also gives him access to the phone numbers of contacts who are not registered with WhatsApp and would therefore actually be of no interest. The WhatsApp data protection guideline, which you have to accept when registering, states the following:

“In accordance with applicable laws, you regularly provide us with the telephone numbers in your mobile phone address book, including the numbers of users of our services as well as those of your other contacts. You may also provide us with an email address. "

And this point is particularly critical with the business version of WhatsApp.

WhatsApp Business - GDPR problems in your pocket

As I said at the beginning, the majority of Germans use WhatsApp as their standard messenger. For companies, this offers a huge opportunity for quick, easy customer contact - especially since WhatsApp Business was introduced in 2018. With this version, companies can create their own account so that contact no longer has to take place via the employees' private accounts.

If, however, contact details are now synchronized, the service will instead gain access to the phone numbers and possibly also the e-mail addresses of all customers that are recorded in the device's address book. If you therefore want to do without WhatsApp, the same dilemma arises as with private use. If your company uses Threema instead, but 98% of your customers only have WhatsApp installed, the quick exchange won't do anything. Update photos from the construction site to be sent to the customer? Nothing.

How to use WhatsApp in a relatively privacy-compliant manner

So what can and should companies do to continue using WhatsApp and to act in compliance with data protection regulations as far as possible? Here are some suggestions:

  • Make sure that customers expressly consent to being contacted via WhatsApp and offer alternative contact channels if customers do not want to communicate via WhatsApp.
  • In accordance with the requirements of Article 13 of the GDPR, expressly point out the use of WhatsApp. All information on data protection can be found in the WhatsApp company profile, these should also be linked.
  • Use only company cell phones for WhatsApp contact and make sure that employees do not mix business and private use.
  • Do not save attachments in the smartphone library if other apps can also access them.
  • Make sure that your devices are protected and secured against unauthorized access with a password or something similar.
  • Carry out regular updates so that everything is up to date in terms of security.
  • Deactivate your live location in the settings under “Account> Privacy”.
  • Go to the settings of your device and deactivate the access to the contact list via the app permissions.
  • You can also deactivate automatic backups in a cloud - because there is no longer any end-to-end encryption.
  • Do not share any personal data in accordance with Article 9 of the GDPR via WhatsApp.

You are responsible for data protection when you use WhatsApp!

WhatsApp makes its users responsible for handling the data carefully and carefully. The following paragraph can be found in the legal information:

"You are responsible for all necessary notices, permits and consents to collect, use and share the content and information of other people and must obtain them;" this also includes maintaining a published data protection guideline and complying with applicable law in other ways. "

Hardly anyone does this privately. However, since the GDPR applies to companies, this information is particularly important when using WhatsApp for business purposes. So make sure that customer data is handled in compliance with data protection regulations as far as possible, if you want to use WhatsApp despite all the criticism.