It’s been months since I deleted my account from Whatsapp. However, other users continue to see my active profile and write to me. Among these, unaware of my decisions, some were concerned about not receiving a response, while others were probably angry. The numerous messages and open tickets to support and even the DPO were no use because nothing has changed.
The FAQ states, “It may take up to 90 days from the beginning of the deletion process to delete your WhatsApp information.”. I am considering other initiatives, indeed. All this shows how a Whatsapp user has no control over their personal data.
Whatsapp adopts a centralized and proprietary system, but it is the most widely used service globally and, paradoxically, for work. Everyone is certainly free to choose and likewise to make appropriate considerations. It would be worth asking whether, beyond the message encryption system, there are all the conditions provided by the current legislation on the protection of personal data (GDPR for Europe) to consider lawful the processing of personal data by owners who use Whatsapp for work.
I would have a few concerns. However, this is not the case; let’s try to ask someone if they use Whatsapp, even for work. I am serious: I say “for work”. Do you know how many people use Whatsapp for work? Let’s guess. Indeed, I know that everybody knows, and – from my perspective – this is a worrying problem (aware or unaware). The app’s enormous popularity is certainly no excuse. Nor is the use of other solutions such as Signal and Telegram justifiable, at least for their centralized system.
Ah, I forgot that the mentioned apps, like others based more or less on the same system (I remember that they were born using the XMPP protocol and then underwent a transformation), require a mobile number that is personal data. To the question “How to find your way around?” the answer is simple: just search the Web. Moreover, there are open source solutions with high levels of security and built, moreover, on decentralized or distributed architectures. These technical features (encryption, decentralization, distributed systems, federations and more) allow the user to have complete control of his personal data in compliance with the current legislation (recital 7 of GDPR).
Each user registers on one of the Matrix sever by creating an account with a username and password; the email address is optional and is used to send system communications (e.g., password recovery). One of these solutions, which is best known and has considerable success on the Web, is Matrix.
Moreover, Matrix does not require a mobile user number for registration and access.
A few days ago, someone shared with me his remarks stating that, with the use of Matrix, Municipalities could configure their server and citizens would register with an “identity server” (helpful to manage identities, for example, through the Italian SPID, PEC or other suitable solution).
In this way, there would be no doubt about users’ digital identity who could communicate with the administration. The solution - if well configured - turns out to be adherent to personal data protection regulations, compliant with ethical principles and sustainable. However, this is only one of the hypotheses of application configuration of Matrix resource since it is possible to use it also for other things. Matrix, however, is not the only solution.
These solutions also allow the user to have complete control over their data and, as with Matrix, a mobile user number is not required. A separate mention deserves the DeltaChat project, which allows you to exchange messages like other apps without creating accounts using your email address.
ProtonMail, finally, is the mail service I prefer for its service features and high levels of security. The same company also provides ProtonVPN, a robust VPN and, still in the testing phase, also ProtonDrive (a cloud drive that is defined as “end-to-end encrypted cloud storage service”) and ProtonCalendar (a cloud calendar).
The overall plan is to offer different services.
The difficulty, therefore, is not in the search for technological solutions but the cultural background and habits of people. It would be the case (and perhaps also the time) to reflect on these aspects and not behave in a certain way “just because everyone does it”. The equation “everybody does it = it’s fine” is not always correct; on the contrary.
Change entails - perhaps - sacrifices, but one cannot be as unaware as
"Who lived without infamy or praise." (Dante Alighieri)