[Update Sept 2021 - WhatsApp issued second-largest GDPR fine of €225m]
WhatsApp's recent change to its privacy policy, allowing data sharing with parent company Facebook, caused a big backlash, particularly as users had no choice but to accept the new terms or have their WhatsApp account deleted.
This update is to help pave the way for WhatsApp to allow its users to communicate, and buy, from businesses who will pay WhatsApp to do so. Over 15 million in India already use WhatsApp Business every month.
As part of the recent change of terms Facebook added a section called “Transaction and Payments Data” which will facilitate this move towards social commerce and let them gather financial data from users.
How is WhatsApp Business different from the usual WhatsApp?
Standard WhatsApp can only be used personally for 'friends and loved ones'. There are many dangers to using standard WhatsApp for business purposes despite the fact that over 40% of UK professionals admit to doing so.
WhatsApp Business can be used for business but:
- You are represented as a business/brand not as an individual
- It cannot be used within, or across, organisations ("not intended for intracorporate usage") only between a business and customers
So what about WhatsApp Business's terms of service?
There has been much scrutiny on standard WhatsApp's terms of service but as they pave the way for integration with other businesses, and sharing information with them, then we need to understand the terms of service for WhatsApp Business.
And if you are a business who wants promote yourself on WhatsApp, interact with prospects and customers via WhatsApp, or even sell via WhatsApp, then you will have to agree to these terms.
You should read WhatsApp Business Terms of Service but note, among other things:
- You cannot use WhatsApp Business in regulated industries ("We make no representations or warranties that our Business Services meet the needs of entities regulated by laws and regulations with heightened confidentiality requirements for personal data, such as healthcare, financial, or legal services entities.")
- Getting customer permission is your responsibility. ("Company must also secure all necessary rights, consents, and permissions (for example, opt-in) to share its customers’ contact and other personal data with WhatsApp")
- Under GDPR you become the data controller. ("...you are the data controller selecting the message recipients and instructing WhatsApp, for the duration of these Business Terms, to process such Personal Data on your behalf as your data processor")
- Your information will be shared across Facebook ("We may share this information with the Facebook Companies, and we and the Facebook Companies will use all the information we have to develop, operate, provide, improve, understand, customize, support, and market our Business Services, our other services, and the services and products of the Facebook Companies.")
- You cannot use WhatsApp Business within, or across, organisations only between a business and its customers. ("Our Business Services are not intended for intracorporate usage.")
- Your data will be transfered to the United States ("Company agrees to the transfer and processing of information that we collect, store, and use under these Business Terms, to the United States and other countries globally where we have or use facilities, service providers, or partners, regardless of where you use our Business Services. You acknowledge that the laws, regulations, and standards of the country in which your information is stored or processed may be different from those of your own country.")
- Your data will be revealed for a number of reasons ("You agree that WhatsApp may share your information, including Company Content, if...")
- All risks are yours ("Company agrees to defend, indemnify, and hold harmless the WhatsApp Parties from and against all liabilities, damages, losses, and expenses of any kind...")
What should you do if you want to use WhatsApp for business purposes?
You must use WhatsApp Business. However, there are many restrictions, responsibilities and risks to this you should be aware of and some are noted above.
Many of these are particularly risky for larger organisations because of privacy regulation like GDPR or other regulatory requirements in their industry. Given WhatsApp messages are end-to-end encrypted it is not yet clear what visibility, or audit trails and proper record-keeping, will be available to businesses using WhatsApp to interact with customers.
Note also, the intended uses of WhatsApp Business are for organisation<>customer only and exclude internal or cross-business use.
What does WhatsApp Business mean for standard WhatsApp users?
The recent contraversial changes to the privacy policy for standard WhatsApp users only paves the way for many features and integrations to come: advertising, paments, business-customer messaging etc.
Currently it is not very clear what this will mean for a standard WhatsApp user. For example, if you interact with a business via WhatsApp what data do they get and are they allowed to see and store your messages, and, if so, how widely within their organisation and what rights do you have over that? The answers will also vary by jurisdictions around the world.
What does seem clear, however, from the WhatsApp Business terms that businesses are required to agree to (as outlined earlier), is that any risks involved in this are being transferred to the business and are not Facebook's problem so businesses will have to tread very carefully.
Join Guild 🤝
See for yourself how the Guild experience is different to WhatsApp, Slack, LinkedIn or Facebook Groups.
Guild is a safe space to connect, communicate and collaborate with others.
Join us on a platform that is purpose-built for creating groups, communities and networks on mobile.