To understand the issues and give an opportunity to explain its views, NITDA in collaboration with the African Network of Data Protection Authorities engaged Facebook Incorporated, the owners of Whatsapp platform, specifically, its global Policy officials on 9th April, 2021. After the engagement, NITDA, as Nigeria’s data privacy regulator, wishes to advise Nigerians on how Facebook’s business decision affects their privacy rights.
What Has Changed?
Datasets collected by Whatsapp
Whatsapp collects the following information on users:
- account information;
- messages (including undelivered messages, media forwarding);
- status information;
- transactions and payments data;
- usage and log information;
- device and connection information;
- location information;
- cookies etc.
Other information collected by Whatsapp include:
- battery level;
- signal strength;
- app version;
- browser information;
- mobile network;
- connection information (including phone number, mobile operator or ISP), language and time zone;
- Internet Protocol address;
- device operations information;
- social media identifiers.
The new policy best renders the platform’s information sharing practices with Facebook and its companies-
“As part of the Facebook Companies, WhatsApp receives information from, and shares information with, the other Facebook Companies. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the Facebook Company Products…”
Whatsapp shares the above listed information and the following with the Facebook company:
- account registration information;
- details on how users interact with others;
- mobile device information;
- Internet Protocol address;
- Location data etc.
The Facebook Team confirmed that private messages shared on WhatsApp consumer version are encrypted and not seen by the company. But the metadata (data about the usage of the service) which is also personal information is shared with other members of the Facebook Group.
As a result of the foregoing, NITDA advises as follows:
- Nigerians may wish to note that there are other available platforms with similar functionalities which they may wish to explore. Choice of platform should consider data sharing practices, privacy, ease of use among others; and
- Limit the sharing of sensitive personal information on private messaging and social media platforms as the initial promise of privacy and security is now being overridden on the bases of business exigency.
Nigeria’s engagement with Facebook continues. We have given them our opinion on areas to improve compliance with the NDPR. We have also raised concerns as to the marked difference between the privacy standard applicable in Europe, under the GDPR and the rest of the world.
Given the foregoing and other emerging issues around international technology companies, NITDA, with stakeholders, is exploring all options to ensure Nigerians do not become victims of digital colonialism. Our national security, dignity and individual privacy are cherished considerations we must not lose. Because of this, we shall work with the Federal Ministry of Communications and Digital Economy to organize a hackathon for Nigerians to pitch solutions that can provide services that will provide functional alternatives to existing global social platforms.
Mrs. Hadiza Umar MNIPR, M.ARPA, MCIPR
Head, Corporate Affairs and External Relations
Corporate Headquarters, Garki, Abuja