Understanding Facebook’s Merger with Whatsapp and Instagram: Anti-Trust and Data Privacy Angle
Facebook's merger with Whatsapp and Instagram

Understanding Facebook’s Merger with Whatsapp and Instagram: Anti-Trust and Data Privacy Angle

Rohit Hebbale Ramkumar Rohit Hebbale Ramkumar

Rohit Hebbale Ramkumar

DPO & AI Compliance Officer | CIPP/E | OneTrust Trust Fellow & Fellow of Privacy Technology | Chess Player |

发布日期: 2019年11月2日
+ 关注

Background

The New York Times, on January 25th, reported that Facebook had plans to integrate its messaging services — Whatsapp, Instagram and Facebook Messenger — in a manner where the services will operate as stand-alone apps but their underlying technical infrastructure would be unified. It was supposed to have been implemented before the end of 2019, but the present goal of completion is by early 2020. Such unification entails a fundamental paradigm shift wherein the 2.6 billion users of the three apps can, for the first time, be able to communicate across the platforms, thereby increasing the utility Facebook as a whole. 

While Zuckerberg’s reasons for stitching the apps together might seem solely monetary at the onset; keeping users engaged in their ecosystem and bridging the gap between the Facebook-owned apps in terms of their varied popularity based on geographical location is imperative to create a walled-garden situation that is self-reliant, exclusionary and a revenue-generating machine in the long run. 

The proposed merger drew criticism not only by data privacy experts and authorities, who are vary of Facebook’s sketchy history of mishandling personal data of users, but also by regulatory agencies who are concerned by the anti-competitive nature of such a merger. Since the merger is in its preliminary stages, the information is limited. But this write-up seeks to understand the merger from a data privacy angle, and to a lesser extent, the anti-trust angle. 

Exploring Anti-Competitive Concerns

Republican and Democratic lawmakers alike, in the US, have raised red flags at the proposal, stating that competition was already being stifled by allowing Facebook in the following ways:

  • Gobbling up local talent based in Silicon Valley
  • Acquiring and integrating over 70 companies, majority being homegrown
  • Eliminating competition through high-profile horizontal mergers through the acquisition of Whatsapp and Instagram 
  • Consolidating market dominant position and creating a monopoly
  • Limiting regulation and oversight of large tech-players, with anti-trust agencies not prioritizing tech enough

However, the Justice Department in the US has not blocked a single acquisition and neither does the Sherman Act mandate that a company be broken up solely by virtue of it being too big nor is there enough economic evidence to prompt penalties or even pursue a break-up. Since the merger is in its conceptual stages, concerns might be alleviated or crop up along the way. In a statement, Facebook said: ‘We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks. As you would expect, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work.’

Exploring Data Privacy Concerns

Even when setting aside violations of competition law, Facebook has breached commitments to protect its subsidiaries’ data, and its autonomy, with case and point being Whatsapp and the merger could either be great for encryption and terrible for the economy and competition, or it could be terrible for both. Platform integration cannot come at the price of privacy disintegration, as a lawmaker pointed out. Whatsapp is the only offering amongst Facebook’s suite of apps that provides end-to-end encryption, stores minimal data and shows no adverts. Presently, a user of Facebook Messenger isn’t able to send a message to a Whatsapp user for the same reason. However, interoperability and compatibility cannot be allowed when it results in the downgrading of encryption. The solution would be to upgrade the quality of encryption of all three services.

The Irish Data Protection Authority was quick ask for an “urgent briefing” as it pointed out that that prior attempts to share and merge personal data between different Facebook companies had given rise to significant data protection concerns, and it reiterated that the merger could only occur in the European Union if it was capable of meeting all the requirements of the GDPR. 

Still, the move could fall foul to the principles of fairness, data minimization, purpose and storage limitation and security, integrity and confidentiality. Additionally, consent mechanisms have to be altered, proper standard contract clauses inserted to regulate international data transfers between the companies and realize data subject rights in a clearer, transparent manner. 

Currently, WhatsApp only requires a phone number to set up an account, whereas Facebook and Instagram requires people to use their real identity. Facebook tends to collect a greater quantum of data and uses it for a myriad of purposes to fuel its ad-based business model, which would be unreasonable of an expectation for a Whatsapp user to have. The technical infrastructure might be compromised in doing so as well. Clarifying bases of lawful processing would be key as CMPs would need to be integrated amongst the platform, and across mobile, website and app- based platform. Granular Consent will need to be provided and right to be informed strengthened given the labyrinth of data processing a data subject might have to navigate through. Sharing of data between the services with servers located in different countries would have to be supported by adequate technical and organizational measures, including assuring the data protection standards of the recipient, limiting its use to what the user has agreed to and properly highlighting their data retention policies for each of its services. Consent withdrawal mechanisms would also have to be granular and the accountability measures would have to be improved to assure the user of the safety of their data. Encryption between the three services would also have to translate to the Facebook app not utilizing any data being transferred through the messaging apps, thus creating a demarcation between its messaging services, its advertising platform which is integrated into its social media network. Matching data sets and combining different information from different sources need to ensure that it doesn’t cause significant legal effects to data subjects. Either way, multiple DPIAs must be conducted to take the mitigating measures necessary to make such a merger compliant with data protection laws. 

“When it comes to privacy, we can no longer give Facebook the benefit of the doubt,” a lawmaker stated. “Now that Facebook plans to integrate its messaging services, we need more than mere assurances from the company that this move will not come at the expense of users’ data privacy and security. This view comes from lawmakers and regulators focusing primarily on the fallout of the Cambridge Analytica scandal of last year, which resulted in over 87 million Facebook users being deceived into handing over a huge trove of their personal data.

Presently, it is too early to conclude which way the merger will go. But the surveillance by a Big Brother, fuelled not by a government, but by a multi-billion dollar international corporation is no longer a probability but a possibility. Unless EU, US and other regulators, both of competition and of data privacy, take a proactive stance in continuously scrutinizing the minute details of the merger and penalizing it for derogations to the full extent of the law, the tech industry will truly be like the Wild West. 

References

要查看或添加评论,请登录

Rohit Hebbale Ramkumar的更多文章

社区洞察

其他会员也浏览了