It is not only private individuals who use Facebook's WhatsApp messenger service, but also increasingly companies. For example, there are pharmacies that have patients send them prescriptions as photos via WhatsApp. But insurance brokers are also using WhatsApp to conveniently settle their clients' claims. In all cases, this is not in compliance with the GDPR, i.e. a clear violation..
Automatic access to contacts is the problem
If you use WhatsApp Business and think that this is enough to protect your data, you are mistaken. As far as data protection is concerned, the business version is no different from the private version.
WhatsApp regularly sends telephone numbers with names stored in the address book of the smartphone to the head office. There, it is checked whether these contacts also use WhatsApp. If so, this is displayed to the user.
This means that personal data of contacts of the smartphone user are sent to the USA without the consent of the persons concerned.
With a prudent basic security setting for the app during the initial installation, you can prevent WhatsApp from accessing your contacts. However, if you change this setting again afterwards, the address book is immediately searched and sent to WhatsApp. Here, neither privacy by default nor privacy by design is implemented according to the GDPR (Art. 25 (1) - Data protection by design and by default). The point here is that the basic settings should be DSGVO-compliant and not per se everything released and you automatically agreed to everything.
DSGVO-compliant alternative to WhatsApp
Especially companies that want to use a secure and DSGVO-compliant chat with their customers get a real alternative with RocketChat. RocketChat is free open-source software that can be hosted by providers in Germany or installed and used on your own servers. Group chats, file exchange and even video and audio conferences are possible. The beauty is that RocketChat can be used via apps (for Linux, Mac OS X, Windows, iOS and Android) as well as via a browser. The large number of plug-ins makes it possible, for example, to integrate it into your website or even to translate it in real time.
Conclusion
We ourselves have been successfully using RocketChat for years, not only for our internal communication, but also for customers and administrative areas of counties. At the end of the day, the responsible parties have to take responsibility if the GDPR is violated when chatting. With RocketChat, this is technically feasible.
