Great news! WhatsApp has announced that it will be more transparent with its users and has made it easier for them to reject updated policies they don’t agree with. The European Commission has confirmed that WhatsApp will provide users with the option to reject the updated terms of service and forfeit its services if they so choose. Additionally, WhatsApp has committed to not sharing users’ personal data with third parties or other Meta companies for advertising purposes.
This move by WhatsApp is in line with the Digital Services Act and the EU General Data Protection Regulation, which aim to ensure that no regulatory gap is left for platforms to manipulate users. The EU Commissioner for Justice, Didier Reynders, welcomed these changes and emphasized that consumers have a right to understand what they agree to and what that choice entails concretely, so that they can decide whether they want to continue using the platform.
The CPC Network’s Letters to WhatsApp
However, the CPC Network was not satisfied with WhatsApp’s reply to their first letter in March 2022, stating that they were not convinced by the company’s clarifications on the concerns raised.
As a result, a second letter was sent out in June 2022, reiterating the need for transparency regarding WhatsApp’s business model and questioning whether the company derives revenue from commercial policies related to users’ personal data.
WhatsApp’s Key Commitments
WhatsApp has made the following commitments that will affect its two billion users for all future policy updates:
- Clearly explain the changes being made and how they will impact users’ rights.
- Provide users with the ability to reject any updated terms of service.
- Allow update notifications to be dismissed or delayed for review.
- Respect users’ preferences and avoid sending repetitive notifications.
These commitments aim to enhance transparency, empower users, and respect their privacy choices.
Next Steps: Addressing ‘Dark Patterns’
The CPC will monitor how WhatsApp approaches its promises and enforce compliance, with the possibility of imposing fines. The press release also highlighted the prevalence of “dark patterns” in many company business models. These are tactics used by companies to make it harder for consumers to unsubscribe from a service than to subscribe to it. The CPC Network, with the Commission’s support, is committed to intensifying efforts to address such illegal practices.
European authorities have also scrutinized other Big Tech companies such as Google, TikTok, Facebook, and Twitter since 2019 to ensure compliance with EU consumer rules. In 2022, the EU implemented new legal frameworks such as the Digital Markets Act (DMA), the Digital Services Act (DSA), the AI Act, and the Data Act, which promise to promote competition responsibilities for Big Tech and establish a fairer data ecosystem. Marietje Schaake, Stanford University’s Cyber Policy Center international policy director, noted the significance of this landmark year in the EU’s crackdown on Big Tech domination.
If you want to explore the world’s toughest data protection and regulation act, the GDPR, check out our 2023 GDPR compliance checklist for a deep dive.