Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now

WhatsApp fails almost all criteria for data protection

While Apple, Yahoo and Dropbox received full marks for their respective privacy policies.

Image: Patrick Sison/AP Photo

IF YOU WANT to make sure your data is safe from the government’s prying eyes, it’s better to use Dropbox and Apple products and avoid WhatsApp, according to a new report.

The Electronic Frontier Foundation (EFF), a non-profit digital rights group, has released its fifth ‘Who’s Got Your Back‘ report, an annual privacy scorecard which ranks the biggest technology companies on their transparency policies and how protective they are of users’ data.

Of all the services analysed, WhatsApp fared the worst and was criticised for falling short on almost all criteria in its first full year in the report.

While its parent company Facebook met most of its criteria, WhatsApp was criticised for not publishing any information about data requests, alerting users about disclosures or even requiring a warrant from law enforcements before providing user data.

This is WhatsApp’s first year in the report, and although EFF gave the company a full year to prepare for its inclusion in the report, it has adopted none of the best practices we’ve identified… WhatsApp is notably lagging behind.

Google was another company criticised for its report, having received three stars out of five compared to full marks last year.

The report said the company should tell users the full extent of its data retention, and give notice to users about data requests after an emergency has ended or a gag has been lifted.

Nine companies earned full marks for each category including Apple, Adobe, Dropbox, Wikimedia, Wordpress and Yahoo.


The report uses five criteria to assess each service. They include:

Industry-accepted best practices: Whether the company requires the government to obtain a warrant from a judge before handing over data, if it publishes a transparency report, and if it publishes law enforcement guides explaining how they respond to government requests.

Telling users about government data requests: Companies must promise to tell when any government seeks their data unless prohibited by law, giving users a chance to defend themselves against overreaching government demands for their data.

Publicly disclose the company’s data retention policies: Highlighting which companies disclose how long they hold onto users’ data that isn’t accessible to the user.

Disclosure: Highlighting the number of times governments seek user data and how often the company complies. Publishing transparency reports would be an example of this.

Pro-user public policies: Which companies take a public stance against backdoors and mass surveillance.

Some companies like Snapchat weren’t ranked on content removal requests since they either don’t host content for it to be relevant or retain data for long periods of time.

Read: Airbnb is about to be worth more than almost any hotel chain in the world >

Read: Own a Samsung device? It may have a major security flaw >

About the author:

Quinton O'Reilly

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel