WhatsApp accounts could be deactivated simply by sending a request from any email address, so long as the attacker knew the associated phone number. Going forward, the account deactivation process now involves a follow-up message that requests verification of ownership of the associated phone number.
The agreement means that WhatsApp will make its privacy policy clearer to end users, in compliance with EU rules, in addition to making it easier for users to reject updates along with clearer explanations in situations where refusing the new privacy policy means agreeing to no longer use the service.
The WhatsApp GDPR violations pertain to Article 12 and 13(1)(c) requirements that platform users be clearly informed of the legal basis under which their personal information is being collected.
Threat actor is offering the alleged WhatsApp data leak for a relatively low cost, dividing it up by country of origin and offering each package for prices in the range of several thousand dollars via a dark web forum.
The legal battle between Facebook-owned WhatsApp and the Indian government is a bit of a high-stakes game of chess determining both global consumer privacy and the sovereignty of tech companies to build such privacy on their own platforms.
WhatsApp will soon roll out end-to-end encryption for chat backups, shutting down a favorite loophole exploited by law enforcement agencies, and giving WhatsApp an edge of market appeal.
The Irish DPC has taken some heat for perceived softness in issuing GDPR fines to Big Tech. A $267 million fine issued to WhatsApp is the first substantial amount that the Irish regulator has assessed, but it comes amidst accusations and criticism.
Contentious WhatsApp privacy update has caused new consumer complaints to be filed by watchdog groups, which say that users are being unfairly pressured into accepting.
Recent rules passed in India that threaten end-to-end encryption are being challenged in court by WhatsApp. New "traceability" rules require social media platforms with at least five million users to be able to identify the originator of a message.
A combination of negative public sentiment and a legal challenge in the Indian court system has prompted WhatsApp to delay the new terms found in its privacy policy update.