By Chinenye Anuforo, [email protected]
The National Information Technology Development Agency (NITDA), under Section 6 (f) of the NITDA Act, 2007, has provided advisory to Nigerians to address concerns on changes to Whatsapp Terms of Service and Privacy Policy, which took effect on May 15, 2021.
Millions of Nigerians use the Whatsapp platform for business, social, educational and other purposes. It is the social media platform of choice for many Nigerians.
To understand the issues and give an opportunity to explain its views, NITDA, in collaboration with the African Network of Data Protection Authorities, engaged Facebook Incorporated, the owners of Whatsapp, specifically, its global policy officials, recently.
In a statement by NITDA , signed by Mrs. Hadiza Umar, head of corporate affairs and external relations engagement, Nigeria’s data privacy regulator advised Nigerians on how Facebook’s business decision affects their privacy rights.
What has changed?
Facebook acquired Whatsapp in February 2014. Facebook currently has over 2.5 billion users globally, while Whatsapp has over two billion users. Whatsapp shared a reviewed Privacy Policy on January 4, 2021, informing its users outside the European Union that it would now share their information with Facebook and its sister companies.
Datasets collected by Whatsapp
Whatsapp collects the following user information:
• account information;
•messages (including undelivered messages, media forwarding);
•status information;
• transactions and payments data;
•usage and log information;
•device and connection information;
•cookies etc.
Other information collected by Whatsapp include:
•battery level;
•signal strength;
•app version;
•browser information;
•mobile network;
• connection information (including phone number, mobile operator or ISP), language and time zone;
• Internet protocol address;
•device operations information;
•social media identifiers.
The new policy best renders the platform’s information sharing practices with Facebook and its companies.
“As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the other Facebook Companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our services and their offerings, including the Facebook Company Products…”
Whatsapp shares the above listed information and the following with the Facebook Company:
•account registration information;
•details on how users interact with others;
•mobile device information;
•Internet protocol address;
•Location data, etc.
The Facebook Team confirmed that private messages shared on WhatsApp consumer version are encrypted and not seen by the company. But the metadata (data about the usage of the service), which is also personal information, is shared with other members of the Facebook Group.
Whatsapp users are at liberty to decide on giving consent to the processing of their data based on the new privacy policy.
The Nigeria Data Protection Regulation (NDPR) recognizes consent (a clear, unambiguous expression of privacy terms communicated by the controller and accepted by the Data Subject) as one of the lawful basis for data processing. Acceptance of the new privacy policy and terms of use implies that user data would now be shared with Facebook and other third parties. Users will now be subject to the terms and policies of Facebook and other receiving entities with or without being direct subscribers to such services.
Advise
As a result of the foregoing, NITDA advises as follows:
Nigerians may wish to note that there are other available platforms with similar functionalities which they may wish to explore. Choice of platform should consider data sharing practices, privacy, ease of use among others; and
Limit the sharing of sensitive personal information on private messaging and social media platforms as the initial promise of privacy and security is now being overridden on the bases of business exigency.
Nigeria’s engagement with Facebook continues. “We have given them our opinion on areas to improve compliance with the NDPR. We have also raised concerns as to the marked difference between the privacy standard applicable in Europe, under the GDPR and the rest of the world.
Given the foregoing and other emerging issues around international technology companies, NITDA, with stakeholders, is exploring all options to ensure Nigerians do not become victims of digital colonialism. Our national security, dignity and individual privacy are cherished considerations we must not lose. Because of this, we shall work with the Federal Ministry of Communications and Digital Economy to organize a hackathon for Nigerians to pitch solutions that can provide services that will provide functional alternatives to existing global social platforms.”