In January, WhatsApp, the messaging app marketed on a reputation for privacy and used by millions of Nigerians, started to ask its users to agree to share their personal data with Facebook or have their accounts deleted by February 8. (WhatsApp has been sharing data with Facebook since 2016)
The announcement generated backlash and many users threatened to stop using the app and find alternatives, such as Signal and Telegram.
WhatsApp, which is owned by Facebook, buckled for a second and postponed its February deadline to May 15.
In a blog post explaining the rationale for the postponement, WhatsApp said its update had been misunderstood.
“WhatsApp was built on a simple idea: what you share with your friends and family stays between you,” the post read. “This means we will always protect your personal conversations with end-to-end encryption, so that neither WhatsApp nor Facebook can see these private messages.
“It’s why we don’t keep logs of who everyone’s messaging or calling. We also can’t see your shared location and we don’t share your contacts with Facebook.”
The company said the new update only affected “optional business features on WhatsApp” and “does not expand our ability to share data with Facebook.”
Later, WhatsApp said people who do not agree to the new update will not “have their accounts deleted or lose functionality of WhatsApp on May 15.”
Instead, the app will continue to remind them and, “after a period of several weeks, the reminder people receive will eventually become persistent.”
Once a user starts receiving persistent messages, they will also experience limited functionality – being unable to access your chat list, for example – until they accept the terms.
After a few weeks of limited functionality, users who still do not accept will be unable “to receive incoming calls or notifications and WhatsApp will stop sending messages and calls to your phone.”
On May 17, the National Information Technology Development Agency (NITDA) said it was engaging Facebook on the new policy and “exploring all options to ensure Nigerians do not become victims of digital colonialism.
“Our national security, dignity and individual privacy are cherished considerations we must not lose.”
One of NITDA’s concerns is that the new update is only applicable outside Europe, which is protected by the General Data Protection Regulation (GDPR).
On May 21, the Ministry of Communications and Digital Economy, headed by Dr Isa Pantami, said it was aware of the WhatsApp update and was backing NITDA’s engagement with Facebook.
However, Samuel Ngwu, a data privacy commentator, believes NITDA’s response to the WhatsApp update was belated and inadequate. The policy took effect on May 15 and NITDA’s statement only surfaced two days later.
“The entire reactive approach is inconsistent with NITDA’s own recognition of data privacy and protection being serious national issues,” Ngwu said. “Clearly regulatory nimbleness and proactivity cannot be over-emphasised in the data privacy space.”
According to NITDA, Facebook collects the following information on its users: account information, messages, including undelivered messages and forwarded; (important to note that WhatsApp says it does not store messages on its servers, except for undelivered messages, which are kept for a month before they are deleted. Also, WhatsApp has stressed that it is unable to read users’ messages as they are encrypted end-to-end); status information; transactions and payments data, usage and log information, location information; cookies; etc.
Other information collected by WhatsApp include: battery level; signal strength; app version; browser information; mobile network; connection information (including phone number, mobile operator or ISP), language and time zone; Internet Protocol address; device operations information; social media identifiers.
According to NITDA, WhatsApp shares the following information with Facebook: Account registration information; details on how users interact with others; mobile device information; Internet Protocol address; location data.
While it continues to engage with Facebook, NITDA said Nigerians should be aware that there are alternatives to WhatsApp in the country and advised citizens to “limit the sharing of sensitive personal information on private messaging and social media platforms as the initial promise of privacy and security is now being overridden on the basis of business exigency.”
NITDA, which is the regulator of Nigeria’s Information Technology sector, has also hinted that it is looking to create its own WhatsApp.
“We shall work with the Federal Ministry of Communications and Digital Economy,” it said in its May 17 statement, signed by its spokesperson, Hadiza Umar, “to organise a hackathon for Nigerians to pitch solutions that can provide services that will provide functional alternatives to existing global social platforms.”
When Channels Television reached out to WhatsApp for comment, a spokesperson reiterated that “the privacy and security of personal chats with family and friends are not changing. Personal messages continue to be protected by end-to-end encryption.”
But messages sent to business accounts may be subject to further analysis for commercial considerations.
“Neither WhatsApp or Facebook can make use of this content for their own purpose,” the WhatsApp spokesperson said when asked whether the company can analyse the content of these ‘business messages’.
“They can only process it at the instruction of the business. Similar services are already offered by a number of other providers today such as Twilio, Zendesk or MessengerPeople.”
Still, Ngwu, the data privacy expert, told Channels Television that Nigerians who use WhatsApp should be wary as Facebook has a track-record of breaching its users’ personal data, as in the Cambridge Analytica scandal. “WhatsApp has said the update only affects optional business features,” Ngwu said, “but Nigerians should be worried.”