whatsapp.com privacy policy — score 45/100 (high risk)

Viimati analüüsitud

Aruande sisu (kokkuvõte, leitud asjaolud, tsitaadid) on genereeritud inglise keeles ja seda pole lokaliseeritud.

Käivita uus analüüs teise poliitika kohta

WhatsApp LLC · whatsapp.com

Aruande üksikasjad

high risk

WhatsApp collects extensive metadata on your usage and device and shares it widely across Meta's family of companies, making it a concerning privacy choice despite its end-to-end encrypted messaging.

While WhatsApp provides end-to-end encryption for message content, the policy reveals massive metadata collection and broad data sharing with Meta companies for purposes including marketing and product improvement. The policy lacks transparency on international transfer safeguards and is entirely silent on AI training practices. For EU users, the reliance on WhatsApp Ireland Limited offers some GDPR coverage, but the global data flows and Meta integration present significant privacy risks.

Viimati analüüsitud
AllikasURL
Pikkus33,851 märki

Kategooriate kaupa hinnang

Poliitika jaotus peamistele vastavusaladele. Hea = tugev, keskmine = segane, nõrk = muret tekitav.

Data Minimizationpoor

Collects extensive metadata (battery level, signal strength, online status, interaction frequency) far beyond what is strictly necessary to deliver a messaging service.

Transparencyfair

The policy is clearly written and structured, but obscures the sheer volume of Meta sharing behind broad phrases like 'operate, provide, improve... and market.'

Third-party Sharingpoor

Data is broadly shared across the Meta family of companies for marketing and ad targeting purposes, and with unspecified third-party service providers.

International Transferspoor

Explicitly transfers data to the US and globally but completely omits mentioning the legal safeguards or transfer mechanisms used to protect EU data subjects.

AI/Model Trainingpoor

The policy is entirely silent on whether user data or metadata is used to train AI or machine learning models.

User Rightsfair

Basic rights like access and deletion are mentioned with in-app tools, but the policy lacks a comprehensive, explicit list of GDPR rights (like restriction, objection) and how to exercise them.

Peamised leitud asjaolud

Märkimisväärsed klauslid, probleemid või head tavad (kriitilised esimesena)

Kriitiline

Broad Meta Data Sharing

The policy allows extensive data sharing with other Meta Companies for purposes beyond just providing the service, including marketing and showing relevant ads across Meta products, which raises serious GDPR proportionality concerns.

Kriitiline

Extensive Metadata Collection

Despite end-to-end encryption for message content, WhatsApp collects a vast amount of metadata (device info, usage logs, location, identifiers) which creates a detailed profile of the user's behavior and interactions.

Kriitiline

Vague International Transfer Safeguards

The policy admits to transferring data globally, including to the US, but fails to specify the legal mechanisms (like Standard Contractual Clauses) used to ensure EU-level data protection during these transfers.

Hoiatus

Third-Party Contact Upload

The policy states users can upload their address books, meaning non-users' phone numbers are processed without their direct consent, although WhatsApp claims it manages this so individuals cannot be identified.

Kokkuvõte kasutajale

Your messages are private, but everything around them—who you talk to, when, how often, on what device, and where you are—is collected and shared with Meta to profile you and target ads across their platforms.

Vastavusseisund

The policy attempts to comply with GDPR by routing EEA users through WhatsApp Ireland Limited, but the broad data sharing with Meta companies and global transfers without explicit mention of safeguards like Standard Contractual Clauses represent substantial compliance gaps under EU law.

EL-i ülekanded

The policy explicitly states data is transferred to the US and globally using Meta's infrastructure, but fails to mention the legal mechanisms (like SCCs) used to legitimize these transfers post-Schrems II, which is a major red flag for EU compliance.

Tuvastatud signaalid

Tekstis tuvastatud konkreetsed andmed ja tavad

Kogutud andmed
Mobile phone numberProfile nameProfile pictureAbout informationMessages (temporarily up to 30 days if undelivered)Address book contactsStatus informationPayment and transaction dataCustomer support communicationsUsage and log informationDevice and connection informationLocation informationCookie data
Töötlemise eesmärgid
Providing and improving servicesSafety, security, and integrityMarketing for WhatsApp and Meta CompaniesCommunicating with businessesPersonalizing features and contentShowing relevant offers and ads across Meta Company Products
Jagamine kolmandate osapooltega
Other Meta Companies (Facebook, Instagram, etc.)Third-party service providersBusinesses on WhatsAppLaw enforcement and government requests
Rahvusvahelised ülekanded
United StatesCountries where Meta affiliates are locatedCountries where service providers are locatedGlobal transfers for service provision

Tõendite väljavõtted

Otsesed tsitaadid poliitikast nende leidude toetuseks

We are one of the Meta Companies. You can learn more further below in this Privacy Policy about the ways in which we share information across this family of companies.

We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services...)

Your information may, for example, be transferred or transmitted to, or stored and processed in, the United States; countries or territories where the Meta Companies’ affiliates and partners... are located

You can use the contact upload feature and provide us, if permitted by applicable laws, with the phone numbers in your address book on a regular basis, including those of users of our Services and your other contacts.

Puudub või ebaselge

  • No mention of whether user data is used for AI or machine learning model training
  • No specific reference to the legal basis for international data transfers (e.g., SCCs or adequacy decisions) required under GDPR
  • No clear explanation of the specific categories of third-party service providers or a link to a subprocessor list
  • No explicit mention of the right to restrict processing or the right to object to profiling beyond the 'delete account' option

Küsimused, mida küsida

  • What specific legal mechanism (e.g., Standard Contractual Clauses) does WhatsApp rely on to lawfully transfer EU user data to the United States?
  • How can users explicitly opt out of their metadata being used for marketing or ad targeting across the broader Meta Company Products?
  • Is any user data or metadata used to train AI or machine learning models, and if so, how can users object?
  • What exact data points are shared with other Meta companies when a user simply opens the app, versus when they actively use a feature?
Selle analüüsi genereerib tehisintellekt ja see ei ole õigusnõuanne. Vastavusotsuste puhul konsulteeri alati kvalifitseeritud juristiga.

Jaga seda analüüsi

Igaüks, kellel on see link, saab ülalolevat tulemust vaadata.

DentroChati loodud

100% Euroopa tehisintellektivestlus kõigile

Vestle tehisintellektiga, tööta failidega, loo pilte ja otsi veebist. Andmed jäävad Euroopasse.

EL-is majutatud infrastruktuurTekst, failid, pildid ja veebiotsingKiire, Mõtlemise ja Loova režiimidPrivaatsus vaikimisi esikohalÜkski andme ei lahku Euroopast
Proovi tasuta →