WhatsApp will now provide a more forthcoming privacy policy to its EU users, thanks to pressure applied by the European Commission. The bloc has been on WhatsApp for violations of EU rules about agreement transparency for nearly a year now, and had previously told the company that it could be sanctioned if it did not comply.
WhatsApp agrees to EU rules, pledges to improve transparency
The agreement means that WhatsApp will make its privacy policy clearer to end users, in compliance with EU rules, in addition to making it easier for users to reject updates along with clearer explanations in situations where refusing the new privacy policy means agreeing to no longer use the service.
One immediate element of the privacy policy update is a confirmation from WhatsApp that other companies in the Meta family, chiefly Facebook and Instagram, are not receiving shared personal data from the app. WhatsApp will also allow users to dismiss or delay notifications about updates, and has pledged to not send recurring notifications.
This process began in January 2022, when the CPC Network first sent WhatsApp a formal letter advising it that a set of 2021 updates to the terms of service and privacy policy had run afoul of EU rules that disallow pressuring users to agree and require explanations of terms in “plain and intelligible” language. After not receiving a response from WhatsApp, a second letter was issued in June 2022 requiring action by the following month. This led to initiation of discussions between WhatsApp, the CPC Network and the European Commission.
WhatsApp will be subject to ongoing monitoring of its privacy policy updates by the CPC Network, and could face fines if violations of EU rules crop up again.
Privacy policy terms in EU face increased scrutiny for “dark patterns,” confusing language
Not everyone is satisfied by this outcome, most notably The European Consumer Organisation (BEUC), which brought the original complaint that started the ball rolling in early 2022. BEUC deputy director general Ursula Pachl said that the decision did nothing for “millions” of WhatsApp users that were previously pressured into accepting the privacy policy or that did not understand what they were agreeing to.
The WhatsApp privacy policy change of 2021 raised hackles as it indicated that it would end its longstanding segregation of user data from Facebook’s advertising ecosystem, and users additionally feared it might weaken the system’s end-to-end encryption. WhatsApp initially told users they would need to accept the change within about a month or stop using the app; outcry caused them to push the deadline back several months, but aspects of the user experience would gradually deteriorate over time (beginning with more and more invasive prompts nagging users to accept the new terms).
The move was thought to have fueled a small boom in alternative privacy-focused messaging apps, particularly Telegram (which reported gaining tens of millions of new users after the new WhatsApp privacy policy was announced). The company seemed to vastly underestimate not only how its users would react, but also the extent to which it might be in violation of EU rules.
Regulators also signaled that this decision marked the beginning of greater scrutiny of “dark patterns” in UI design and privacy policy terms, elements that intentionally attempt to hide things from the user or push them to accept terms. In early 2022, the French data protection watchdog hit Facebook and Google with fines over use of dark patterns due to intentionally drawn-out processes for opting out of cookie use. That decision was made under the authority of French national law, and was the first serious penalty of this nature in the bloc. EU rules will soon receive a boost in this area, at least in cases that involve big tech platforms, when the terms of the Digital Services Act (DSA) go active later this year.
WhatsApp built its popularity by being one of the initial entrants into the instant messaging market to offer end-to-end encryption for all messages. Meta’s ownership of the company has been fraught with issues, however, dating all the way back to the 2014 acquisition. There were some indications that Facebook only acquired the company because it was becoming such a strong competitor to its own Messenger service, something that has drawn antitrust scrutiny that continues to this day.
The market has since opened up for other privacy messaging apps, such as Telegram and Signal, as integration with the Facebook ecosystem has gradually increased over the years. Though user messages are kept private, more and more of their profile and contact information tends to be integrated into the Facebook targeted advertising system as time goes by. The app was fined €225 million in 2021 for violating EU rules regarding disclosure of data collection, and again in January of this year for insufficient privacy policy clarity and forced opt-ins. The more recent €5.5 million fine came with an order to come into compliance with relevant EU rules within six months or face more penalties.

