Even if it is convenient and everyone already seems to be using it, WhatsApp should never be used for communication in companies, as the app from Facebook does not even meet the most basic data protection standards.
Even the popular alternative, Telegram, has significant weaknesses regarding data protection which will be summarized in this article.
Since personal data is continuously exchanged when communicating with instant messengers, data protection must be taken seriously. This is not always easy—especially not when the data is stored on servers around the world.
The chat message can best be compared to the email. And this shows: a good messenger is superior to an unencrypted email in terms of data protection. So, there is no reason to generally forego the use of messengers as a confidential means of communication. Only certain apps are taboo, as we shall see.
From the point of view of the data protection officer, the most important criteria for a good messenger are quickly formulated:
1. Location of the server: Proximity to major markets and customers is an advantage.
2. Business model: The messenger should not be financed through advertising that uses the data sent.
3. Encryption: Good end-to-end encryption should be the standard for a data protection-compliant messenger.
4. Address data: The local address book should not be read by the messenger.
5. Protocol: The instant messaging protocol used should be openly standardized.
6. Backup option: The data should also be able to be saved locally without restriction, if desired, not just in the cloud.
These six criteria are important from a data protection perspective. In addition, there are also other criteria that are essential considering confidential communication:
- Deactivation of the account: The account should be able to be deleted via the app.
- Display of activities: It should be possible to switch off the message “is typing”, and the same applies to the "Received / Read" display.
If we now check all common messengers according to these criteria, two of the world's most widely used instant messengers seem to neglect their duties in particular:
1. There is WhatsApp, which is used by around two billion people around the world for communication but suffers from the inadequate data protection of the parent company Facebook. A privacy advocate cannot give a “Like” to WhatsApp partially due to the increasing integration with the parent company, Facebook:
- Business model: Facebook earns its money with personalized advertising, which, in view of the ever-closer interlinking of the various products of the group, also poses a danger for WhatsApp.
- Location: WhatsApp does not store the data on servers within the EU or the EEA.
- Protocol: WhatsApp is the only messenger in the test that does not have a standardized, open protocol.
- Address book: Perhaps most critical from the point of view of data protection is the necessary access from WhatsApp to the local address book.
- The end-to-end encryption of group chats, which is possible with WhatsApp, should be positively emphasized. But here too it must be criticized that, although content is transmitted in encrypted form, metadata is not—the group can in principle see who meets whom and at what time.
- Lastly, WhatsApp Business is also not recommended. The order processing contract with Facebook does not even contain the minimum information on data processing and data transmission. In addition, the integration with the data octopus Facebook should also be emphasized here.
2. Surprisingly, there is also Telegram, the shooting star among messengers with around 400 million users worldwide, which many (wrongly) consider a safe WhatsApp alternative. The fact that WhatsApp's public image has now been somewhat tarnished is used by Telegram to its advantage. The Telegram service has been founded by the exiled Russian entrepreneur Pavel Durov and has two tangible advantages: the business model, which is not based on advertising, and the openly standardized protocol. Still, Telegram can by no means be recommended as a safe alternative to WhatsApp. As far as the location of the servers is concerned, Telegram is hardly safer than WhatsApp—the data is stored all over the world, including in countries that cannot be considered secure, especially from a European perspective. It gets worse with encryption options, as Telegram even lags behind WhatsApp because there are no encrypted group chats.
Two thumbs down from our side when it comes to office use.