In January, WhatsApp announced the release of a new privacy policy that allows the messenger service to share user data with its parent company Facebook. The policy has been met with public outcry and resulted in many users flocking to rival companies such as Signal. The backlash led to WhatsApp deciding to postpone the update, and it recently clarified that the new update relates to how people interact with businesses and how users will be asked to review its privacy terms. Previously, users saw a full-screen message prompting them to accept policy changes. With the new update, users will see a small banner near the top of their screen requesting them to review the company’s privacy policy, and they will then have the option to download a more detailed PDF of the update. According to the new policy, customers interacting with businesses could have their data collected and shared with Facebook and its companies. This means that customer transactions and customer service chats could be used for targeted advertising.
Facebook’s change of the WhatsApp privacy policy is fuel to its existing war over data privacy with one of the other largest tech companies, Apple. In 2014, Apple’s chief executive Tim Cook criticized companies like Facebook by saying, “If they’re making money mainly by collecting gobs of personal data, I think you have a right to be worried.” Apple also heightened its words into actions: it is introducing a new App Tracking Transparency feature to be automatically enabled in iOS in early spring, which requires every iOS app developer to explicitly request user permission to track and share information with data brokers and other companies. While many sites collect data on a first-party basis, Apple’s new requirement places a consent requirement for even third-party tracking.
Apple’s approach to privacy has been equally criticized by Facebook. The social network launched a website accusing Apple of hurting small businesses and took out full-page ads in The New York Times, The Wall Street Journal, and The Financial Times claiming that it was “standing up to Apple for small businesses everywhere.” In response, Apple recognized that it expected such protests that would “attempt to maintain the privacy-invasive status quo.” Notably, Apple’s new feature will not require Facebook to stop sharing user data, but simply offer users a choice to opt-in.
Google is internally discussing an alternative to Apple’s App Tracking Transparency feature for its Android users. A Google spokesman said that they are seeking to balance safer data handling practices while enabling a “healthy, ad-supported app ecosystem.” Any potential Android alternative system is still in its early stages, and we have yet to see what changes Google will actually implement. For now, the tech giant suggested that an Android solution could be similar to its web alternative, known as the Privacy Sandbox, which offers targeted advertising with less specific data collection.
The war between Apple and Facebook is the culmination of growing ethical concerns relating to data privacy. Data spurs innovation, but at what cost? Ethical concerns regarding data privacy are now becoming critical not only to experts, but also the public. The pandemic has brought these concerns to the forefront; from retail stores to entertainment services, businesses are collecting increased data to better assess product demand and outmaneuver their competitors. But consumers are now taking notice. According to a PwC poll, 84% of consumers said they would switch platforms if they can’t trust a business’s data practice. Consumers increasingly believe that they have a right over their data, and apps that collect or share data without consent are breaching their trust.
After a recent series of high-profile data breaches at companies such as Equifax and Yahoo, legislatures have already begun addressing data ethics. The recent years have seen a host of new laws and regulations concerning data privacy, with the most notable American law being the California Consumer Privacy Act (CCPA). The CCPA grants California residents the right to access their personal data, including the right to know what kinds of third parties a company has sold their information to. Globally, similar protections have been codified through the EU’s General Data Protection Regulation (GDPR), which creates stricter compliance requirements for international data transfers. Coming closer to the GDPR model, Japan has also recently passed amendments to its data privacy law, the Act on the Protection of Personal Information (APPI). The new amendments further expand individual rights to one’s data and place emphasis on breach notification and cross-border application. These three major laws share basic similarities; they pursue greater autonomy for individual data and encourage transparency in business practices.
It is questionable whether businesses will respond to these growing ethical concerns out of respect for consumer privacy or fear of fines triggered by laws such as the GDPR. Whatever their motive may be, one thing is clear: companies will need to meet the rising consumer demand for data protection. Some measures include collecting only limited data for required purposes and informing customers how their data will be collected, used, and shared. Accenture Interactive found that 73% of consumers are willing to share more personal information if businesses are transparent about how it is used. Perhaps this is the reason Apple has jumped on the bandwagon of respecting user privacy, and it won’t be long until Facebook may be forced to adjust its privacy approach as well.
* Rimsha Syeda is an Associate Editor on the Michigan Technology Law Review.