WhatsApp Privacy Policy: Translated

This is my personal, snarky interpretation of WhatsApp’s most recently-issed privacy policy; based on my reading of it, my years of experience in data protection and my observations of Facebook’s behaviour. It’s not literally what the privacy policy says, only a parody for the purpose of entertainment and awareness. Draw your own conclusions.

Cookie notice

Oh, hello, welcome to WhatsApp’s privacy info, before we’ll allow you to read anything, you must allow us to plant surveillance tools on your computer. No, we’re not going to tell you what they are, or how we’ll use them, that would scare you. If you want to know what we’re up to badly enough, you’ll have to let us digitally piss on you to mark our territory before you can proceed.

[Miss IG Geek: According to the webbkoll tool, they aren’t even setting any cookies, so the terrible cookie-wall isn’t even necessary. Figure that one out.]

Legal Info

We are WhatsApp, one of Facebook’s particularly long and wriggly tentacles. Don’t forget that we’re all part of the same slimy entity though; and anything that one tentacle can slurp up is therefore available to all the others. This is where we make a vague gesture in the direction of the tangled mess of privacy policies that Facebook employs to keep its users from working out what’s really going on

Oh yeah, and here is a document full of dense legal jargon which we use for hiding stuff we don’t want you to think about. You have to read that as well if you want to understand this privacy policy, which we’re confident won’t happen because we made it as tedious and incomprehensible as we could.

Information We Collect

We collect lots of information about you for a whole bunch of purposes, some of which we’ll describe (only the ones that make us look non-evil though), and some of which we’ll keep secret because muahahaha how else are we supposed to maintain our unaccountable global-megacorp powers?

We’ll start by telling you the obvious ones in the hope that you get bored and decline to dig any further….we know what you tell us, because you’ve told us about it. See – aren’t we good at this transparency thing???

Yay encryption! End to end! Wow such secure! Very privacy! We can’t see into your messages. We can see your nudes though. And links. And attached documents. But end-to-end encryption for your words!

We also slurp up lots of detail about what you’re doing, where you are, who you interact with, how often you interact with them, how you engage with them, your phone habits, what you’re looking at online, and what you’re using to get connected.

We’ve also got a network of useful idiots end users and business partners who’ll snitch on your activities to us without your knowledge – sometimes without theirs either. To distract you from this alarming thought, we make a point of telling you how dangerous other people can be, while trumpeting our safety and security features as if they weren’t largely enforced upon us by regulatory authorities and angry consumer demand.

Some of this information gets handed off to other tentacles, but we’re not going to tell you exactly what and when, and only hint at why unless we’re trying to convince you that we’re the good guys (tee hee). It’s your responsibility to navigate and comprehend all their privacy policies and terms of service, then try and suss out which bits apply to your data and which don’t. Good luck with that.

How We Use Information

We use your information in lots of interesting ways, but we’re only going to cite and explain the ones that make us look good, while keeping very quiet about our parent’s core activities of profiling, microtargeting, manipulation and monetising the worst of human nature. We’ll make a point of telling you that we won’t show you ads, while conveniently omitting to mention that we’re still pimping you to the advertisers.

In order to be able to provide this service to our customers (NB: this does not include you, only people who give us actual money), we have to collect loads of info about you. As we’re part of Facebook, we have to give them loads of your info as well, so that they can provide their service – which is the corralling and herding of individuals so that they can be reaped of surveillance data and made to dance like bears in a Victorian circus. Other companies pay to be able to call the tunes, and we get bonuses like monopolies and nation-state influence. Good deal, huh?

Let’s just take a moment to confuse things by describing metadata as a purpose because the more confused you are, the less likely you are to bother with this whole privacy thing.

Information You And We Share

You ‘share’ your information with us and other people by existing being connected to our network. Some of those people want to use you, some of them want to abuse you. We’ll let you block those that want to abuse you, as long as they’re not fellow-tentacles or customers of our manipulation machine/radicalisation engine. Those get a free pass, and to save you anxiety, we just won’t tell you about them in any useful detail. Bear in mind that you chose to be here – you are therefore partly responsible for any adverse outcomes.

How We Work With Other Facebook Companies

Here’s another reminder that we have to do some bare minimum user-protection and safety stuff, look how generous and kind we are. We’ll spend a whole paragraph on that, but only use a fragment of a sentence to tell you that undisclosed amounts of data about your habits, character, behaviours, interests, interactions and movements are used to make predictions and judgements about your social worthiness, commercial value and avenues of exploitation. Our claim that we don’t let other tentacles wring our your data for their own nefarious reasons, is carefully-worded to disguise that the shared, group-wide purposes we’re being so coy about, are the ones you should really be worried about. If it’s that important to you, you’ll read all of the linked and cross-referenced documents, then compare them to research findings in the wild, and historical media coverage of our past actions, and figure it out for yourself. Obviously if you don’t do all that work, you only have yourself to blame.

When we use consent, we’ll ask you for consent and that’ll be when it happens so that’s what we’ll do. With any luck, you won’t notice you’ve been asked for consent at all, let alone that you’ve provided a response. We have very clever people working here.

Here is a list of potential lawful basis, with some benign-looking examples. We can only give you cherry-picked examples, because if we revealed all our uses of all of the data, you’d realise how much you’d rather we didn’t do those things, and we can’t have that. So we’ll mutter quickly about ‘marketing’ and ‘connecting you’, ‘operating’ and ‘communicating’ then spend the other 80% of the paragraph waxing lyrical about the safety and security features that protect you from everyone else but us.

Have some more guff about how concerned we are for your safety. Not concerned enough to stop enabling of radical extremists, authoritarians and predators, but just enough to distract you from how neatly we fit into those latter two categories.

Our Legal Basis For Processing Data

We’ve been forced to admit that we’re watching, judging and labelling you to better identify and exploit your weaknesses, but we’re going to describe this as ‘demonstrating the value of our services to partners’ and ‘understanding how people interact with businesses’ so that you don’t realise what we’re really talking about. By the time you work out that you’ve been discriminated against, disadvantaged, denied your rights and duped, it’ll be too late anyway. Besides, what are you going to do – complain to a regulator? LOL.

Oh by the way, we also use data for preventing fraud (unless we’re benefiting from it), public safety (from riots we have helped to enable), commercial protection (ours), and standard common-sense stuff that might also be a cover for a whole lot of other nefarious stuff we just haven’t been caught out at yet.

For those with a sense of irony, we claim that our processing for research is done on public interest grounds, despite the fact that our group’s approach to research is to conduct illegal and unethical psychological experimentation on young people and minors. They denied this at the time, of course, but were robustly contradicted by the evidence. Our parent entity won’t co-operate with academics doing real, scientifically-rigorous, open-access research into social media and its impacts, because we’re much too afraid of what they’ll find out. The last thing we really want is for our research to attract the interest of the public – we’d be in serious trouble. Again.

How You Exercise Your Rights

You have some rights, which deeply disturbs us. You can tell us to stop doing stuff if you ever manage to figure out what we’re doing, but we’ll probably manage to come up with a reason not to uphold your request, so maybe don’t bother. You can always delete your account if you want your rights to remain intact. We’ll let you take out the info you put in, and call that ‘access’, as long as you don’t ask us for the stuff we dig up behind your back. That’s off-limits to you, uppity data subject. It’s OURS, and we need it for accumulating wealth and power. So there. Complain if you like, but unless you have deep pockets, boundless energy and several years to spend wrangling with us, the regulator and our various sock puppets, we advise you not to try (especially if your name is Max Schrems – we’re practically at the point of hiring a hitman to sort you out, you troublesome bastard.)

Managing And Retaining Your Information

We’ll keep your data as long as we think we might want or need it. The only info we’re willing to admit to an actual retention policy for is the encrypted stuff we can’t get into anyway. As it’s no use to us, we happily admit to keeping it for 30 days. If you want specifics about how long we keep the stuff that’s actually useful to us, then – LOOK! A SQUIRREL!!

Moving on.

When you delete your account, we’ll delete your data except for the bits that we won’t delete because we want to keep them. Your user info won’t be attached to some of it, we’ll replace that with a unique code that allows your behaviour to be pinpointed and analysed, but prevents us from having to worry any of those pesky rights you might want to exercise. Here is yet another set of links to external documents that might help you figure it all out – but only if you’re reading between the lines with a careful and cynical eye.

Law, Our Rights And Protection

We have rights! This is good, because we’re only a humble tech platform that’s part of one of the most powerful rogue corporates on the planet. If we think you’ve done something illegal – or if someone else thinks you have – we might hand your data over to them. We might even ask for a warrant, if we’re feeling exposed.

Our Global Operations *strokes white cat*

Standard contract clauses are still our basis for sending your data all around the world –  notably to places known to be hostile to human rights and freedoms – despite the fact that that’s no longer legal. We’re going to pretend that it is because we don’t think we should have lost those court cases. Our group’s business model depends on us ignoring privacy laws, after all. Don’t like it? Delete your account. But remember; we’re still watching. If you go to NOYB or Privacy International for help….we’ll know.

Updates To Our Policy

All this stuff we just told you? We’ll change it at some point. Best keep an eye out for that, although we’ll be helpful by letting you know you can’t use our app unless you agree to let us do all these things to you. Hey, you wanted ‘free’.