Art. 13 of the Regulation discusses the information to be provided if you collect personal data from users:
- The contact details of the website owner/organization or its data protection officer (if appointed).
- The purpose of processing personal data and the lawful basis for processing the data.
- The legitimate reason for processing the data by you or any third party, if any.
- The recipients of the users’ personal data.
- If there is a need for cross-border transfer of data, and if so, the safety measures taken to protect the data.
- The period of storing the data and why.
- The rights of users and how they can exercise them.
- The right to withdraw consent at any time.
- The right to lodge a complaint with a supervisory authority that monitors the implementation of GDPR.
- If there is any contractual obligation to provide the data and the possible consequences of failing to do it.
- If you use automated decision-making including profiling and if so, why and the possible outcome of it.
Art. 14 lists out the information to be provided in case you do not collect the data directly from the users. Here, you will have to provide the information about the categories of personal data you collect and the source.
- The categories of personal information it will collect from the users.
- The categories of sources from which the personal information is collected.
- The purpose for collecting or selling personal information.
- The categories of third parties with whom the business shares personal information.
- Contact details or ways to submit the requests to exercise the CCPA rights.
- An opt-out option/link (Do Not Sell My Personal Information) to stop collecting or selling the personal information.
We want to address some rumors and be 100% clear we continue to protect your private messages with end-to-end encryption. pic.twitter.com/6qDnzQ98MP— WhatsApp (@WhatsApp) January 12, 2021
WhatsApp says on its FAQ that “If you haven’t accepted by then, WhatsApp will not delete your account. However, you won’t have full functionality of WhatsApp until you accept. For a short time, you’ll be able to receive calls and notifications, but won’t be able to read or send messages from the app.” Exchanging messages is the main feature of WhatsApp, so this announcement is a huge setback for its users.
- WhatsApp will collect device and connection-specific information, such as “battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account).”
- WhatsApp will collect “IP addresses and other information like phone number area codes to estimate your general location (city, country)” regardless of whether you use their location-related features,
- If you interact with a business on WhatsApp, “the content you share may be visible to several people in that business”, and to the third-party services, the business has given access to.
- When you use any third-party services (including Facebook) integrated with the app, WhatsApp will share your information with them. However, it adds that your WhatsApp message will not be shared on Facebook and “In fact, Facebook will not use your WhatsApp messages for any purpose other than to assist us in operating and providing our Services.”
- If you use any of their payment services, they will process the payment and transaction information.
- If you delete your WhatsApp account from your phone and not using the in-app settings, your information will remain with them for a longer period. Your information related to the group you created and any copy of your message other users have will remain even if you delete the account.
However, the app users in the European Union do not have to agree to the new terms to continue using its services. The GDPR’s stringent laws give the EU users data protection compared with users in other parts of the world. This has drawn huge criticism from countries like India, where the social messaging giant has the highest number of users. The Indian government has cracked down on WhatsApp for its separate policy for the country. It is crucial to note that India lacks a robust data protection law (the Personal Data Protection Bill is currently in draft), which prevents its citizens from a higher level of data protection. WhatsApp’s “all or nothing” approach is currently being discussed in Indian court now.
▢ Are you aware of the data privacy law(s) that applies to your website?
▢ Does it mention what type or categories of personal data or information you will collect?
▢ Does your website have any legal basis for collecting and using the users’ data?
▢ Do you get user consent for data collection and use?
▢ Do you provide opt-in and opt-out choices for data collection and if so, what is the method you use?
▢ Do you have the list of cookies used by your website and the details about their source and purpose for the policy (privacy or cookies policy) page?
▢ If CCPA applies, do you provide a “Do Not Sell My Personal Information” link on your website for users to opt-out of selling their data?
▢ Are your users aware that they can opt-out of data collection and use and how to do it?
▢ What type of information do you store and for how long?
▢ Do you have information about all third parties with whom you share the data?
▢ Are your users aware of the rights granted to them under the applicable data privacy laws and how to exercise them?
▢ Are your users aware of the security measures you have taken to protect their data?
▢ Have you provided the contact details of the data protection officer or grievances officer, if any?
You can copy and paste the content as text or HTML or directly send it to your email to edit it.
CookieYes cookie consent solution for your business
You can let users take control of what type of cookies the website must load by giving granular consent choices (opt-in and opt-out) for cookie categories. CookieYes logs the consent received in a downloadable file that you use to demonstrate proof of consent, if necessary.
Other than that, CookieYes offers many other features, such as auto-translation of the cookie consent banner, geo-targeted display of the banner, banner callback button, and additional CSS customizations.