Why did Continental order its mobile workforce to stop using WhatsApp?

Four examples how WhatsApp is unsuitable for post-GDPR business communication

  • Consent: WhatsApp has come under fire for automatically uploading users’ entire address books (even with the details of non-WhatsApp users). It’s also unclear exactly what data is extracted from address books, how it’s processed, and what is shared with the parent company Facebook.
  • Loss of control: Being a consumer-grade tool, WhatsApp is tied to the users’ phone number. Typically this is a personal number that’s also used for business. If an employee leaves, they’ll still have access to potentially confidential chats, full chat histories, files, and of course contacts.
  • Request for information. Under GDPR, companies are obliged to report on (and delete if requested) all personal identifiable information about an individual. Because WhatsApp is most likely connected to a user’s individual account, companies lose the ability to centrally audit the app, and enterprises lose the ability to inform customers how this data is being handled.
  • Data portability: If you are in the EU, it’s worth noting that WhatsApp sends your account and communication related meta data, and contacts to its U.S based servers. Under GDPR you need a legitimate reason for doing this, and consent to share that information would be required. It’s also unclear what metadata WhatsApp holds on users.

Could your business survive the reputational damage caused by a breach of client data?

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store