Anti-Competitive measures and consumer rights questioned

Messaging platform WhatsApp recently made headlines after it announced changes to its privacy policy.

As of March of 2020, WhatsApp boasted circa two billion active users, arguably in part due to its end-to-end encryption which ensures that only the users communicating with each other are able to access the content shared, a feature missing from other messaging apps such as Messenger.

WhatsApp was first launched in 2009 and in 2014 it was purchased by Facebook for $19 billion. The acquisition itself was criticised as yet another move by Facebook, which also owns Instagram and Messenger, to stifle competition. The acquisition led to the EU Commission imposing a €110 million fine on the social media giant for providing misleading information in relation to the takeover and Facebook’s ability to link user accounts with those of WhatsApp, which it later did.

Furthermore, last December, the US Federal Trade Commission together with 46 states filed a lawsuit against Facebook, accusing the company of engaging in anti-competitive conduct and actively working to eliminate threats to its social media monopoly. The FTC claims that Facebook’s behaviour, namely its takeover of companies it competes with and the conditions it imposes on software developers, allows consumers very little choice but to use its platforms, and asked the Court to inter alia order the company to divest of its shares in Instagram and WhatsApp as well as require it to obtain approval prior to new mergers and acquisitions.

User Data Sharing – is consumers’ data protection sufficiently guaranteed?

Recently, Facebook was once again put under the scrutiny of regulators after it announced changes to WhatsApp’s privacy policy which will allow it to share the information it collects from users with the other companies owned by Facebook. This information includes account registration information, transaction data, service-related data, mobile device information, IP addresses, and information on how a user interacts with others, including businesses, when using the app.

If WhatsApp users refuse to give their consent to the changes effected, they are unable to continue using the app. Thus, in practice there is no choice but to consent. This goes against the very spirit of the GDPR which is founded on the ability of data subjects to choose to refuse or withdraw their consent at any time. If the only choice a data subject has is to stop using the app, then there is no choice at all.

Whilst the legality of the changes remains to be examined more thoroughly, EU regulations on data protection succeeded in preventing further changes which will be rolled out in countries outside the EU. For instance, the US version of the privacy policy will enable WhatsApp to connect to users’ Facebook Pay accounts in an effort for the company to monetise the app. This change does not feature in the EU version of the privacy policy.

It should be noted further that the features unique to WhatsApp will remain intact. WhatsApp, and by extension, Facebook, will still be unable to view the messages or hear calls between users, access shared locations, share users’ contacts, or keep logs of who users are messaging or calling.

While this may be enough to put some users’ minds at ease, the changes nonetheless raise valid concerns, especially when viewed in light of Facebook’s history in mishandling data, culminating in the Cambridge Analytica scandal.

Following the concerns raised and the switch of hundreds of thousands of users to alternative apps such as Signal, WhatsApp has removed the previously imposed 8th February deadline for users to accept the changes made and has instead announced that it would work on clearing up the confusion and purported misinformation being circulated before imposing the new changes.

For more information on competition law, data protection and consumer rights kindly contact any member of IURIS Advocates.