NITDA advises Nigerians on security implications of new WhatsApp privacy policy changes

By Ibiyemi Mathew

The National Information Technology Development Agency (NITDA) has provided security advisory to Nigerians to address concerns on changes to Whatsapp Terms of Service and Privacy Policy which took effect on 15th May, 2021.

Millions of Nigerians use Whatsapp platform for business, social, educational, and other purposes.

NITDA said the advisory is accordance to it Section 6 (f) of the NITDA Act 2007.

The Agency which acknowledged that the platform is the social media platform of choice for many Nigerians, said they understand the issues at hand.

The Head, Corporate Affairs and External Relations at NITDA, Mrs. Hadiza Umar, in a press statement noted that the Agency in collaboration with the African Network of Data Protection Authorities engaged Facebook Incorporated, the owners of Whatsapp platform, specifically, its global Policy officials on 9th April, 2021.

She said that after the engagement, NITDA, as Nigeria’s data privacy regulator, decided to advise Nigerians on how Facebook’s business decision affects their privacy rights.

NITDA’s advisory:

What has changed? Facebook acquired Whatsapp in February 2014. Facebook currently has over 2.5 billion users globally, while Whatsapp has over 2 billion users.

Whatsapp shared a reviewed Privacy Policy on 4th January 2021, informing its users outside the European Union that it would now share their information with Facebook and its sister companies.

Datasets collected by Whatsapp

Whatsapp collects the following information on users: account information; messages (including undelivered messages, media forwarding); connections; status information; transactions and payments data; usage and log information; device and connection information; location information; cookies etc.

“Other information collected by Whatsapp include: battery level; signal strength; app version; browser information; mobile network; connection information (including phone number, mobile operator or ISP), language and time zone; Internet Protocol address; device operations information; social media identifiers.

“The new policy best renders the platform’s information sharing practices with Facebook and its companies.

“As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the other Facebook Companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the Facebook Company Products…”

Whatsapp shares the above listed information and the following with the Facebook  company: account registration information; details on how users interact with others; mobile device information; Internet Protocol address;L occasion data etc.

The Facebook Team confirmed that private messages shared on WhatsApp consumer version are encrypted and not seen by the company. But the metadata (data about the usage of the service) which is also personal information is shared with other members of the Facebook Group.

Whatsapp users are at liberty to decide on giving consent to the processing of their data based on the new privacy policy.

The Nigeria Data Protection Regulation (NDPR) recognizes consent (a clear, unambiguous expression of privacy terms communicated by the controller and accepted by the Data Subject) as one of the lawful basis for data processing.

Acceptance of the new privacy policy and terms of use implies that user data would now be shared with Facebook and other third parties.

Users will now be subject to the terms and policies of Facebook and other receiving entities with or without being direct subscribers to such services.

Advice

As a result of the foregoing, NITDA advises as follows:

Nigerians may wish to note that there are other available platforms with similar functionalities which they may wish to explore. Choice of platform should consider data sharing practices, privacy, ease of use among others; and

Limit the sharing of sensitive personal information on private messaging and social media platforms as the initial promise of privacy and security is now being overridden on the bases of business exigency.

“Nigeria’s engagement with Facebook continues. We have given them our opinion on areas to improve compliance with the NDPR.

“We have also raised concerns as to the marked difference between the privacy standard applicable in Europe, under the GDPR and the rest of the world.

“Given the foregoing and other emerging issues around international technology companies, NITDA, with stakeholders, is exploring all options to ensure Nigerians do not become victims of digital colonialism.

“Our national security, dignity and individual privacy are cherished considerations we must not lose. Because of this, we shall work with the Federal Ministry of Communications and Digital Economy to organize a hackathon for Nigerians to pitch solutions that can provide services that will provide functional alternatives to existing global social platforms.”

 

NewsDirect
NewsDirect
Articles: 19850