As we’ve commented before, the use of consumer grade messaging apps has spread its insidious tentacles throughout the working environment and it’s easy to see why. Effective communication is essential to getting the job done. With instant messaging, teams can communicate quickly and in real-time, without the delay of waiting for an email response. Geographically dispersed teams can communicate efficiently and remain engaged, improving effectiveness and productivity.
However, is a consumer grade app such as WhatsApp suitable for business communications?
GDPR compliance and liability
WhatsApp was primarily designed for personal use; a fact they make abundantly clear in their terms of service:
Legal And Acceptable Use. You must access and use our Services only for legal, authorized, and acceptable purposes. You will not use (or assist others in using) our Services in ways that: (a) […] (f) involve any non-personal use of our Services unless otherwise authorized by us.
After downloading WhatsApp, users are presented with a popup that asks “WhatsApp Would Like to Access Your Contacts”. It goes on to explain, “Upload your contacts onto WhatsApp’s servers to help you quickly get in touch with your friends and help us provide a better experience”.
Agreeing to this means that all phone contacts are now accessible in WhatsApp, irrespective of whether they are business or personal contacts. The problem with this is your contacts haven’t given consent for a third party to process their data. This could be a breach of GDPR but who is liable?
The tricky business of data consent
Before using WhatsApp, all clients must “Agree & Continue” to accept the Terms of Service. Only once consent is given can users access the service. However, WhatsApp has been explicit in its terms that the app is only for your personal use and has sought the consent of the user for accessing contacts… so, when it comes to GDPR it’s not WhatsApp that needs to be concerned about data consent, it’s the user!
In most instances, it appears that individuals choosing to use WhatsApp for any business communications are in contravention of the terms of service. This limits WhatsApp’s liability in terms of GDPR as they have abdicated all responsibility to the user for seeking the consent of their contacts.
Be safe, or risk being sorry
Since the introduction of GDPR, organisations have taken great strides in understanding their responsibility towards safeguarding data. However, too often the security of mobile communications is overlooked when auditing such risks. It’s easy to do, just ask the owner of Amazon, Jeff Bezos, who was recently allegedly hacked via WhatsApp. Compromising the security of the wealthiest man in the world is no small undertaking.
What this episode, and the many others before it, highlight is that consumer grade apps are not designed for business use. WhatsApp doesn’t hide this fact; it’s written in the Terms of Service, but when did a user ever read those before clicking the ‘Accept’ button?
It’s time for organisations to stop sidetracking the issue and provide their employees with the right tools to get the job done. The benefit is not only greater efficiency and productivity within your workforce but secure communications that don’t expose your business to cyber threats. A thought that has probably crossed Jeff Bezos’ mind quite a lot recently.
Armour’s solutions for secure communications work on everyday smartphones, tablets and Windows 10 desktops. With the same usability as consumer-grade apps but with significantly enhanced security, it could be the answer to your security needs.