In a country where mobile devices are abundant, and often the only way to get connected, WhatsApp Business offers local companies the use of an existing app on people’s phones to communicate at scale and provide improved customer service through quick replies, automated messages and compelling status updates.

Then, in early January, WhatsApp users got a pop-up notification alerting them to privacy policy changes that needed to be accepted before 8 February, or risk not being able to use the app. Here’s what this means for the many South African businesses who have made the platform an integral part of their communication mix.

It should be noted that most of the privacy policy users are concerned with have been in place since 2016, and the only changed policy noticeable relates to the use of WhatsApp for Business and financial information and purchases which has been introduced since the launch of WhatsApp payment services in some countries.

What data is collected

It has been generally discussed that the update to the privacy policy has been brought about by Apple introducing a privacy disclosure requirement in IOS14 that all developers with apps in the Apple App Store need to make that lists all the elements of data that applications link to a user.

Examples of other data linked to users on WhatsApp (extracted from the app information on the app store under “App Privacy”) include: Contact info, Contacts, Identifiers, Location, Usage data, Diagnostics,  and User content (where it links to Facebook content for example). WhatsApp reiterated that all messages are end-to-end encrypted and are not shared with the Facebook group of companies.

What businesses need to do

However, unlike a WhatsApp conversation between two users, which is protected by encryption, WhatsApping a business means that a number of people within the organisation might have access to messages. Furthermore, these conversations can be stored by business applications, such as for customer relationship management, and even shared with third-party service providers – including Facebook – to help better manage customer communications.

For businesses that use WhatsApp integration with communication tools, such as Telviva Touchpoint, it is advised that they review their own businesses privacy policy on the handling of users data. WhatsApp for Business customers will need to contract a local aggregation provider, such as Clickatell, who in turn interfaces with the WhatsApp platform. In order to ensure compliance, businesses will need to review the privacy policy of third-party aggregators, as well as take a closer look at how they handle user data.

This has anyway been a requirement for businesses in South Africa as per the Protection of Personal Information Act (PoPIA), which regulates how user information is to be collected, used, stored and protected – and comes into full effect in July 2021.

The full updated WhatsApp policy for users outside the European Region is here: https://www.whatsapp.com/legal/updates/privacy-policy

*WhatsApp has since extended the period by which people have to accept the terms of their new privacy policy to from 8 February to 15 May 2021.