The advisory followed WhatsApp’s new data policy which if accepted by users would allow the company collect sensitive data such as “transactions and payments data” and “messages (including undelivered messages, media forwarding),” amongst others.
Speaking to THE WHISTLER in a phone interview on Wednesday, an official of NITDA who pleaded anonymity said the advisory was to caution “people that share something sensitive on that particular platform (WhatsApp) to be very careful.”
The official noted that WhatsApp is end-to-end encrypted while Facebook, Instagram and Twitter are not.
He, however, explained that users’ data and other things they post on WhatsApp could be shared with Facebook and Instagram, which he said are not end-to-end encrypted.
“…they have the records and that is why they tell you that you have these number of posts, replies, pictures,” he said, adding that, “So, now they have connected it [WhatsApp] to Facebook and Facebook owns WhatsApp. People can choose to migrate to the new policy or not.”
Rather than jettison the plan, WhatsApp announced that beginning from May 15, 20121, users would gradually be unable to reject sharing of certain data with its parent company.
“After giving everyone time to review, we’re continuing to remind those who haven’t had the chance to do so to review and accept [the new policy]. After a period of several weeks, the reminder people receive will eventually become persistent,” WhatsApp said, adding that after persistent reminder, users will “encounter limited functionality on WhatsApp until you accept the updates.”
It said over time, users would be unable to access their chat list and would subsequently be blocked from responding to messages or making voice and video calls.
“It is just like you entering a commercial vehicle and I’m advising you that don’t enter that car because the breaks have some issues, but you can enter it to where you want to go if you like. It is as simple as that,” he said.
“For someone, it is not a big deal, for others it is. Take for example the National Identification Number. People are scared as to why they are being asked to submit their personal data (phone number). So, its different people, different perception. Personally, I’m still using WhatsApp because I don’t have any data that I would share and be afraid that it may be tapped. All my social media handles are my valid identification and valid emails because I am not scared of anything.”
NITDA had in a statement on Tuesday said it was aware that WhatsApp is the social media platform of choice for Nigerians as millions of citizens use it for business, social, educational, and other purposes.
The agency, however, warned that even though private messages shared via WhatsApp are encrypted and not seen by the company, “…the metadata (data about the usage of the service) which is also personal information is shared with other members of the Facebook Group.”
In a public advisory published on its website and signed by its head of corporate affairs and external relations, Hadiza Umar, NITDA said it owed it a duty to advise Nigerians on how Facebook’s business decisions affect their privacy rights.
The agency advised Nigerians to, “note that there are other available platforms with similar functionalities which they may wish to explore. Choice of platform should consider data sharing practices, privacy, ease of use among others,” adding that citizens should, “Limit the sharing of sensitive personal information on private messaging and social media platforms as the initial promise of privacy and security is now being overridden on the bases of business exigency.”
NITDA said the following datasets are collected by WhatsApp:
- Account information;
- Messages (including undelivered messages, media forwarding);
- Status information;
- Transactions and payments data;
- Usage and log information;
- Device and connection information;
- Location information;
- Cookies etc.
Other information collected by Whatsapp include:
- Battery level;
- Signal strength;
- App version;
- Browser information;
- Mobile network;
- Connection information (including phone number, mobile operator or ISP), language and time zone;
- Internet Protocol address;
- Device operations information;
- Social media identifiers.