Is Facebook’s Update to WhatsApp Privacy Rules Really a Problem?

By Aurelien Portuese

Facebook recently updated WhatsApp’s privacy rules so that the messenger app could share user data with other parts of the Facebook company. This has caused big buzz among those who claim Internet platforms are playing a little too much with such rules and that this ultimately generates user distrust and might compromise free speech. But is this really a privacy or an antitrust problem, or yet another example of a conflated, little understood issue? For those who cherish innovation and truly adhere to competition principles, it’s neither one, nor the other.

Not a data privacy issue

First, if the issue is one of data privacy rules, then the case would be settled. In the European Union, where the cumbersome General Data Protection Regulation (GDPR) sets data privacy obligations much stringent than any of those experienced in the United States, it has been recently decided that Facebook’s privacy rules are compliant with Europe’s most stringent regulations. Indeed, in a judgment delivered on December 28, 2020, the Austrian Supreme Court has considered that the claimant, Mr. Schrems, could not prevent Facebook from processing personal data since Mr. Schrems, as any other Facebook user, has agreed with Facebook enabling the company to process users’ data. The shift from a consent-based to agreement-based processing of personal data demonstrates the users’ willingness to access the services without separate consents and without users’ ability to withdraw their consents subsequently once they have entered a contractual agreement with Facebook. This contract-based processing of personal data is fully compliant with the GDPR. This licit change could be made possible by changing the terms and conditions of Facebook so that users could give unconditional approval for the agreement.

A similar shift from a consent-based to an agreement-based privacy rules is currently underway for WhatsApp. Users will no longer have to give separate consent, and uphold or withdraw this consent back and forth; the agreement now provides greater clarity and commitment by users to process their data according to contractually embedded terms and conditions. Therefore, if it is not a data privacy issue in Europe where data regulations obligations represent more stringent obligations, this shift from a consent-based toward agreement-based privacy terms and conditions cannot infringe any of the users’ rights to privacy.

Not an antitrust concern

While it is not a data privacy concern, the update of WhatsApp’s terms and conditions cannot be an antitrust concern either. The update has a minor impact on privacy. But, for the sake of argument, let’s assume that this update eventually decreases data protection. Such a decrease may be considered a “quality degradation” of the product.

Let’s further assume that such quality degradation is an antitrust issue. Antitrust concerns broadly fall into two main categories: exploitative abuses, where consumers are harmed, and exclusionary abuses, where rivals are harmed. Could WhatsApp’s update of its privacy rules be an exploitative abuse? Being provided for free, WhatsApp may have harmed consumers only to the extent that some consumers would have preferred keeping the old privacy rules. Then, the switching costs and the exit costs being extremely low, users can choose to migrate toward other platforms. This is precisely what happened when several personalities claimed to have switched to other apps, notably Signal. Here, Facebook’s alleged monopoly is proven to be a myth: users switch to rivals and make these platforms compete based on several features, including privacy rules; users are not harmed, competition is robust.

Could WhatsApp’s update of its privacy rules be an exclusionary abuse? Of course not. Rivals are either unharmed, or even favored, should users choose to migrate toward them. Again, there is no rivals’ harm, but rather rivals’ benefits. It cannot be an antitrust concern when a company’s own decisions harm neither users, nor rivals. It is instead the very process of competition.

Nevertheless, following WhatsApp’s update of privacy rules, the competition authority of Turkey has launched investigations to assess if Facebook’s update violates Turkish competition laws. Such decision ignores the sheer aspect that competition doesn’t take place within the Facebook group — as if users were locked within the group with no outside alternatives — but rather across platforms; users switch easily and instantly, thus highlighting aggressive competition involving many features, including privacy rules. It is the very process of competition to compete over not only price, but quality and characteristics, which include privacy rules.

Antitrust populists may assume that Facebook’s update violates privacy rules. This would mean that we may be charmed by a conclusion that the European courts themselves have refused to adopt despite more stringent laws applicable. Antitrust populists may equally conclude that Facebook’s update violates antitrust rules. This would mean that we would embark on the Turkish route despite the absence of any harm, and we would consider an aggressively competitive environment across platforms, over privacy models. As a form of rejecting populism, it’s important to see Facebook’s update for what it is: a marginal change in an already competitive environment where users increasingly choose platforms depending on the variety of differentiated features that these platforms offer.

Aurelien Portuese (@A_Portuese) is director of antitrust and innovation policy at the Information Technology and Innovation Foundation (ITIF). This article first appeared as an Innovation Files post on

The Information Technology and Innovation Foundation is a think tank focusing on the intersection of technological innovation and public policy.