whatsapp.com privacy policy — score 45/100 (high risk)

Τελευταία ανάλυση

Το περιεχόμενο της αναφοράς (περίληψη, ευρήματα, αποσπάσματα) δημιουργήθηκε στα αγγλικά και δεν έχει μεταφραστεί.

Νέα ανάλυση σε άλλη πολιτική

WhatsApp LLC · whatsapp.com

Λεπτομέρειες αναφοράς

high κίνδυνος

WhatsApp collects extensive metadata on your usage and device and shares it widely across Meta's family of companies, making it a concerning privacy choice despite its end-to-end encrypted messaging.

While WhatsApp provides end-to-end encryption for message content, the policy reveals massive metadata collection and broad data sharing with Meta companies for purposes including marketing and product improvement. The policy lacks transparency on international transfer safeguards and is entirely silent on AI training practices. For EU users, the reliance on WhatsApp Ireland Limited offers some GDPR coverage, but the global data flows and Meta integration present significant privacy risks.

Τελευταία ανάλυση
ΠηγήURL
Μήκος33,851 χαρακτήρες

Αξιολόγηση ανά κατηγορία

Ανάλυση της πολιτικής σε βασικούς τομείς συμμόρφωσης. Καλό = ισχυρό, μέτριο = μικτό, κακό = ανησυχητικό.

Data Minimizationpoor

Collects extensive metadata (battery level, signal strength, online status, interaction frequency) far beyond what is strictly necessary to deliver a messaging service.

Transparencyfair

The policy is clearly written and structured, but obscures the sheer volume of Meta sharing behind broad phrases like 'operate, provide, improve... and market.'

Third-party Sharingpoor

Data is broadly shared across the Meta family of companies for marketing and ad targeting purposes, and with unspecified third-party service providers.

International Transferspoor

Explicitly transfers data to the US and globally but completely omits mentioning the legal safeguards or transfer mechanisms used to protect EU data subjects.

AI/Model Trainingpoor

The policy is entirely silent on whether user data or metadata is used to train AI or machine learning models.

User Rightsfair

Basic rights like access and deletion are mentioned with in-app tools, but the policy lacks a comprehensive, explicit list of GDPR rights (like restriction, objection) and how to exercise them.

Βασικά ευρήματα

Σημαντικές ρήτρες, ζητήματα ή θετικές πρακτικές (κρίσιμα πρώτα)

Κρίσιμο

Broad Meta Data Sharing

The policy allows extensive data sharing with other Meta Companies for purposes beyond just providing the service, including marketing and showing relevant ads across Meta products, which raises serious GDPR proportionality concerns.

Κρίσιμο

Extensive Metadata Collection

Despite end-to-end encryption for message content, WhatsApp collects a vast amount of metadata (device info, usage logs, location, identifiers) which creates a detailed profile of the user's behavior and interactions.

Κρίσιμο

Vague International Transfer Safeguards

The policy admits to transferring data globally, including to the US, but fails to specify the legal mechanisms (like Standard Contractual Clauses) used to ensure EU-level data protection during these transfers.

Προειδοποίηση

Third-Party Contact Upload

The policy states users can upload their address books, meaning non-users' phone numbers are processed without their direct consent, although WhatsApp claims it manages this so individuals cannot be identified.

Περίληψη για τον χρήστη

Your messages are private, but everything around them—who you talk to, when, how often, on what device, and where you are—is collected and shared with Meta to profile you and target ads across their platforms.

Στάση συμμόρφωσης

The policy attempts to comply with GDPR by routing EEA users through WhatsApp Ireland Limited, but the broad data sharing with Meta companies and global transfers without explicit mention of safeguards like Standard Contractual Clauses represent substantial compliance gaps under EU law.

Μεταφορές ΕΕ

The policy explicitly states data is transferred to the US and globally using Meta's infrastructure, but fails to mention the legal mechanisms (like SCCs) used to legitimize these transfers post-Schrems II, which is a major red flag for EU compliance.

Εντοπισμένα σήματα

Συγκεκριμένα δεδομένα και πρακτικές που εντοπίστηκαν στο κείμενο

Δεδομένα που συλλέγονται
Mobile phone numberProfile nameProfile pictureAbout informationMessages (temporarily up to 30 days if undelivered)Address book contactsStatus informationPayment and transaction dataCustomer support communicationsUsage and log informationDevice and connection informationLocation informationCookie data
Σκοποί επεξεργασίας
Providing and improving servicesSafety, security, and integrityMarketing for WhatsApp and Meta CompaniesCommunicating with businessesPersonalizing features and contentShowing relevant offers and ads across Meta Company Products
Κοινοποίηση σε τρίτους
Other Meta Companies (Facebook, Instagram, etc.)Third-party service providersBusinesses on WhatsAppLaw enforcement and government requests
Διεθνείς μεταφορές
United StatesCountries where Meta affiliates are locatedCountries where service providers are locatedGlobal transfers for service provision

Αποσπάσματα αποδείξεων

Απευθείας αποσπάσματα από την πολιτική που υποστηρίζουν αυτά τα ευρήματα

We are one of the Meta Companies. You can learn more further below in this Privacy Policy about the ways in which we share information across this family of companies.

We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services...)

Your information may, for example, be transferred or transmitted to, or stored and processed in, the United States; countries or territories where the Meta Companies’ affiliates and partners... are located

You can use the contact upload feature and provide us, if permitted by applicable laws, with the phone numbers in your address book on a regular basis, including those of users of our Services and your other contacts.

Λείπει ή ασαφές

  • No mention of whether user data is used for AI or machine learning model training
  • No specific reference to the legal basis for international data transfers (e.g., SCCs or adequacy decisions) required under GDPR
  • No clear explanation of the specific categories of third-party service providers or a link to a subprocessor list
  • No explicit mention of the right to restrict processing or the right to object to profiling beyond the 'delete account' option

Ερωτήσεις προς υποβολή

  • What specific legal mechanism (e.g., Standard Contractual Clauses) does WhatsApp rely on to lawfully transfer EU user data to the United States?
  • How can users explicitly opt out of their metadata being used for marketing or ad targeting across the broader Meta Company Products?
  • Is any user data or metadata used to train AI or machine learning models, and if so, how can users object?
  • What exact data points are shared with other Meta companies when a user simply opens the app, versus when they actively use a feature?
Αυτή η ανάλυση δημιουργείται από AI και δεν αποτελεί νομική συμβουλή. Συμβουλευτείτε πάντα εξειδικευμένο νομικό για αποφάσεις συμμόρφωσης GDPR.

Κοινοποίηση αυτής της ανάλυσης

Οποιοσδήποτε με αυτόν τον σύνδεσμο μπορεί να δει το αποτέλεσμα παραπάνω.

Δημιουργήθηκε από το DentroChat

100% ευρωπαϊκό AI chat για όλους

Συνομιλήστε με AI, εργαστείτε με αρχεία, δημιουργήστε εικόνες και αναζητήστε στο διαδίκτυο. Τα δεδομένα παραμένουν στην Ευρώπη.

Υποδομή φιλοξενούμενη στην ΕΕΚείμενο, αρχεία, εικόνες και αναζήτηση webΛειτουργίες Γρήγορη, Σκέψη και ΔημιουργικήΠροτεραιότητα στην ιδιωτικότηταΚανένα δεδομένο δεν φεύγει από την Ευρώπη
Δοκιμή δωρεάν →