Data privacy and the anger over WhatsApp and Facebook, what is happening around us?

If you follow me on Twitter, I have written multiple tweets in following up on what is happening on this topic for months, but it is time to write a detailed, simplified, and easy-to-understand post for the average user to find out what is the cause of the problem that has arisen recently about the WhatsApp application and what are its origins, I will use in this post an application. WhatsApp ”for example, and you can apply the same aspects to any other application to find out the privacy of your data and what is the risk and benefit of sharing it, let’s start.

The components to talk about this topic are 5 elements:

• Application : such as WhatsApp.
• Operating System : Like iOS from Apple for iPhones.
• The advertising identifier (MAID = Mobile Advertising ID) : It is a fixed number for each device that the operating system issues and gives to the developer of any application that you download to your mobile phone, and this is the basis of the battle.
• Data : All that the application can know because of your downloading and use of this application, for example, on WhatsApp knows your number, your location if you use the location sharing feature, your contacts, your friends and family members with whom you correspond a lot, the groups in which you are a member, the topics you talk about and the pictures that you You share it, the videos you send, and, and, everything you do on WhatsApp the company can “see” but do you really see it? Viewing and benefiting from information is another issue, but data is in her possession.
• Privacy : is a framework for introducing:
  • What data does WhatsApp collect about you?
  • Where is he keeping it?
  • How does he treat it?
  • Does he benefit from it?
  • How long is data retained?
  • The mechanism of your forgetting, in the event that you decide that you do not want to use the application and want WhatsApp to delete everything related to you from its data centers, is there a way for this thing?

Question : Why did we single out the “advertising identifier” by itself, even though it is considered part of the data and can be combined with it?

Answer : Because the current problem revolves around the advertising identifier and not about the data as a whole, we will understand that in detail in the next lines.

Scenario (1) : How is the data collected by the applications disclosed and where does the user (you) be from this equation?

The operating system (2) such as iOS requires any application (1) such as WhatsApp to have a clear privacy policy (5) listed under the application in the application store and part of the application registration process when it is used for the first time contains all the data details (4) that The application collects it and the application developer gets it and how does he deal with it? No application, especially widely used, can be on the store without a clear and agreed privacy policy. UF, 4 of the 5 main elements mentioned above, ie element No. (3) or the advertising identifier? It does not exist because once you download the application, the application developer will get this number directly, by the way, this number is fixed for your mobile phone, and the same number that WhatsApp gets is the same number that Twitter will get when you download their application. (Yes, it can be changed, but it cannot be canceled).

Scenario (2) : What is the importance of the advertising identifier for a company such as Facebook?

The information that Facebook knows about you from your use of WhatsApp, Instagram, Facebook and Messenger gives it a complete picture of you as a person, what do you like and what you hate? How long does it take to convince you to buy a product or use an application? In the sense that Facebook has the ability to help advertisers (Bukhari Restaurant, for example) to create an Instagram advertising campaign that is very effective and its return is excellent due to the accuracy of the data that Facebook knows about users of its network of applications, which in turn will not show the ads of the Bukhari store except for people who are likely to go or do Demand from this restaurant is very high, well, that’s the power of data in general, but how does Facebook target these people? The answer is by using the advertising identifier, and for the sake of simplicity the advertising identifier can be considered your identity on the Internet, meaning that Facebook can adjust the settings of the aforementioned Bukhari restaurant campaign settings to reach only the people who live around this restaurant who constantly go to similar stores and send them advertisements for this restaurant

Scenario 3 : So what has changed in this equation?

Data collection (4) will not change as long as the application developer (1) discloses the data it collects in the privacy policy (5) and shows the mechanism for storing, processing and benefiting from it, and as long as the user (you) agrees without reading when you register in any application to the terms and conditions and policy Privacy, which has changed is that the operating system (2) will force applications to obtain user permission to collect an “advertising ID” (3) just as any application asks you for permission to allow alerts, or to allow the use of geographic location, this step Apple has promised since last year. And it set the date for the launch of iOS 14 for its application, but it came back and retracted and postponed the date indefinitely, until the Supreme Vice President of Apple Software Engineering stated that applications that do not comply with this procedure will be removed from the application store, until today no specific date has been announced for the application of this procedure.

Scenario (4) : How will Facebook be affected by such a modification of the advertising identifier collection mechanism?

Facebook with its applications (1) will continue to collect the data that it referred to in the privacy policy (5) for each application, but to benefit from it, it must obtain the advertising identifier (3) for the user, in order to direct its ads to him on the Internet, without this identifier the information that you know appears Facebook about you is “of little benefit”, but it is definitely not “useless”. This means that Facebook’s advertising income and its reputation for accuracy of its ads and its feedback to advertisers will be greatly affected. Facebook itself announced that it may lose 50% of its income through its Audiences advertising network.

Scenario (5) : How did the situation explode and worsen the situation?

Apple did not announce a specific date for the application of the new policy on requesting user permission to obtain the advertising ID, but Facebook preempted the situation and published full-page ads in two consecutive days ( December 16 and 17 ) in the most famous American newspapers denouncing Apple’s move

Then I posted a popup advertisement on WhatsApp on January 7 telling the user that on February 8th, you will have to give us permission to know your “advertising ID” and agree to substantial changes to the privacy policy or you will not be able to use WhatsApp at all.

I cannot analyze the reason that prompted Facebook to take such a step, especially since Apple did not set a date to start this policy, and may withdraw from it, but my personal analysis is that Facebook chose to anticipate events and take the shock early, but that apparently did not work, to enter the stage of extinguishing the fires She published a page to justify her step under the Frequently Asked Questions section on the WhatsApp site, which is described as naive, as it included what they do not see or process, but it did not address the data that they can see and benefit from.

This step shook the largest market of the WhatsApp application, which is India, which has 459 million active users of WhatsApp. The company was forced to publish an advertisement on the front page of the most famous Indian newspapers to justify its position. A non-profit for whom privacy is their # 1 responsibility.

Side thoughts on the topic:

• As a regular user, privacy is a requirement and its basic understanding is to determine whether an application is suitable for use or not, and the user’s rights culture and data privacy will be the subject of wider discussion for future generations, just as information crimes and their systems have crystallized after years of entering the Internet.
• What happens if I do not allow apps to obtain my advertising ID? Some applications will take a rough turn by preventing you from using the application, for example, and others will be lenient, but they will flood you with ads and these ads will be far from your interests because they do not know who you are, so I expect the rise of the paid subscription model for social networks, just like the YouTube Premium subscription that blocks all ads from you for a monthly fee (With other features).
• Online privacy has been a burning topic for years and one of its most famous regulations is the GDPR issued by the European Union and the CCPA issued by the state of California, and this is a nice comparison between the two systems .
• Where do we stand in the Saudi Internet community from these legislations and regulations? Multiple entities are making great efforts that are racing against time towards governing and framing the use of data in the Kingdom, and personally I do not hide my great admiration for the decision to establish the Saudi Authority for Data and Artificial Intelligence (SDAA) on August 30, 2019, and for the role it plays since then with regard to data specifically, in addition to what the Ministry of Communications and Information Technology and its affiliated body of legislation for data, its privacy, mechanisms for its use and preservation in the telecommunications market and technical applications, in any case, you can refer to:
  1. SADAYA: The National Data and Artificial Intelligence Strategy issued by the National Data Management Center .
  2. SADAYA: National Data Governance Policies issued by the National Data Management Center .
  3. General rules for maintaining personal data users privacy in the telecommunications sector and information technology issued by the Communications and Information Technology .
  4. Procedures for launching services or products based on users’ personal data or sharing personal data issued by the Communications and Information Technology Commission .

In conclusion, I would like to quote His Highness the Crown Prince on this aspect:

“We live in a time of scientific innovation, unprecedented technologies, and unlimited growth prospects, and these new technologies such as artificial intelligence and the Internet of Things, if used optimally, could spare the world a lot of harm and bring the world a lot of huge benefits. “

That is, data is a double-edged sword, good use of it will be in the interest of all platforms, users and business owners, and its misuse will inevitably cause harm to everyone and the digital economy in general.