Between The National Information Technology Development Agency (NITDA) Public Advisory and Whatsapp Privacy Policy

On January 4, 2021, WhatsApp Messenger (“WhatsApp” or the “Company”), a cross-platform instant messaging application that allows smartphone users to exchange text, image, video and audio messages for free issued an update to its current privacy policy (the “Policy”) of July 20, 2020, to come into effect on February 8, 2021. The highlight of the Policy noted that WhatsApp could share phone numbers and transaction data with Facebook, a related company to WhatsApp. This Policy empowered the Company to automatically collect usage and log, device and connection, and location information, and cookies; a well as use information collected for service, safety and security, business interactions, and communications about its services. It is important to know that WhatsApp could provide users marketing for its services and those of Facebook.

Also, the Policy envisaged that WhatsApp will provide integrations that enable users to connect WhatsApp experiences with other Facebook products. For example, allowing users to connect their Facebook Pay account to pay for things on WhatsApp or enabling users to chat with friends by connecting their WhatsApp accounts to Facebook. Additionally, the Policy envisages that WhatsApp will not retain users’ messages in the ordinary course of providing services to users but these messages are stored on such a user’s phone. However, it should be noted that undelivered messages are saved on WhatsApp’s servers and deleted 30 days after if it does not deliver. The most endearing reality that greeted the digital community with the Policy was that if users did not accept the new changes, they will lose access to WhatsApp services.

WhatsApp originally indicated in February 2021 that anyone who declined the updates would immediately lose functionality. There were insinuations that the update had to do with the commercialization and the unethical use of consumer chats or profile data; however, the Company has since pacified the digital community with clarifications, since there were threats by the digital community to abandon WhatsApp rather than trade their privacy. More so, WhatsApp had noted that the change is designed to outline how businesses who use WhatsApp for customer service may store logs of its chats on Facebook servers. The deadline for the acceptance of the update was eventually moved to May 15, 2021.

Given the final deadline, on May 18, 2021, the National Information Technology Development Agency (NITDA) has issued an advisory communique (the “Communique”) to Nigerians to address Nigerian concerns on changes to the WhatsApp Terms of Service and Privacy Policy which took effect on 15th May 2021[1]. NITDA had reported that the Facebook Team confirmed that private messages shared on WhatsApp consumer version are encrypted and not seen by the Company. The Communique also informed Nigerians that the metadata (data about the usage of the service) which is also personal information is however shared with other members of the Facebook Group. The Communique explained that WhatsApp users are at liberty to decide on giving consent to the processing of their data based on the new privacy policy; a right rooted in the Nigeria Data Protection Regulation 2019 (NDPR) as one of the lawful bases for WhatsApp processing data. Further, NITDA noted that acceptance of the new privacy policy and terms of use implies that user data would now be shared with Facebook and other third parties. Users will now be subject to the terms and policies of Facebook and other receiving entities with or without being direct subscribers to such services

Ultimately, NITDA urges Nigerians to note that there are other available platforms that they may utilise. The agency has advised Nigerians that while choosing platforms, they should consider data sharing practices, privacy, ease of use among others; and limit the sharing of sensitive personal information on private messaging and social media platforms as the initial promise of privacy and security is now being overridden on the bases of business exigency.

This article was authored by Adedoyin Fadare, an Associate at Alliance Law Firm.


Leave a Reply

Your email address will not be published. Required fields are marked *