Select your country

Not finding what you are looking for, select your country from our regional selector:


Facebook Messenger and Whatsapp: is your data private?


Privacy, data monetization, encryption... here’s what you need to know about those popular apps. 

WhatsApp: a delayed update

On January 15, 2021, nearly ten days after WhatsApp’s updated terms of use were announced, causing an outcry on social networks around the world, WhatsApp posted on its blog: “We’re now moving back the date on which people will be asked to review and accept the terms. No one had their account suspended or deleted on February 8.  

A new date has been set for updating the terms of use: May 15, 2021.  

This gives users more time to understand how their data is being used by WhatsApp and Facebook. We humbly attempted to understand this better ourselves and present the results of our readings in this article.  

Facebook Messenger and WhatsApp: how is user data secured?


WhatsApp uses end-to-end encryption to secure user interactions. In a dedicated FAQ, WhatsApp states, “End-to-end encryption ensures only you and the person you’re communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp.  

This encryption is automatic: no need to activate any settings. 

Note that the encryption protocol is the Signal protocol (which is open source).  

Facebook Messenger 

In general Facebook Messenger encrypts messages in the same way as WhatsApp. The only difference is, that the encryption is not automatically activated. To do so, you must activate the “secret conversation“ mode. Instructions on how to do this can be found here


Facebook Messenger and WhatsApp: are communications private?

Facebook Messenger 

The same data use policy applies to all Facebook products except WhatsApp, which is not listed.  

Facebook states: “We collect the content, communications and other information you provide when you use our Products. 

To the question, does Facebook have access to Messenger user conversations? The answer is yes unless they are encrypted.  


In Europe, WhatsApp’s Privacy Policy is effective as of April 24, 2018.  

Concerning privacy, WhatsApp states: “End-to-end encryption means that your messages are encrypted to protect against us and third parties from reading them. 

WhatsApp also specifies that messages are stored on user devices. Messages are deleted from servers after they are distributed unless they cannot be sent (30 days retention) or when content is considered “popular“ (such as repeatedly shared videos).  

Does WhatsApp have access to user conversations? The answer is no (except in the exceptional cases mentioned above). 

Facebook Messenger and WhatsApp: is data shared with advertisers?

Facebook Messenger 

On its site, Messenger specifies that it does not use “the content of your messages with other people for ad targeting, which means advertisers can’t target you based on what you say in messages.   

However, its Data Policy states: “We use the information we have about you-including information about your interests, actions and connections-to select and personalize ads, offers and other sponsored content that we show you. 

It’s therefore not possible to completely exclude that unencrypted communications may be used for marketing purposes. However, it’s essential to specify that the data that Facebook conveys to advertisers is “anonymized,” as explained quite clearly in the screenshot below:

Facebook Ads

Data transmission between Facebook and advertisers. Source: 


As part of its Privacy Policy (April 24, 2018), WhatsApp states that it does not allow banner ads from independent third parties on WhatsApp.  

The company also specifies that it permits communication between companies and its users, “We will allow you and third parties, like businesses, to communicate with each other using WhatsApp, such as through order, transaction, and appointment information, delivery and shipping notifications, product and service updates, and marketing.  

To summarize, WhatsApp does not display banner ads. But it allows companies that a user is already in contact with to offer marketing content through the application

To date, do Facebook and WhatsApp use user data for ad targeting?

This question has raised the most concern among users. It is also the one we find the most difficult to answer accurately. Here’s what we can tell from reading the content produced by WhatsApp and Facebook. 

In a FAQ page dedicated to the exchanges between the two entities, WhatsApp writes that today, Facebook does not use WhatsApp account information “to improve your Facebook product experiences or provide you more relevant Facebook ad experiences on Facebook.  

A sentence that does not, however, exclude that advertisements can be proposed outside of the social network. Further, WhatsApp states it is looking for “ways to build a sustainable business,” including “exploring ways for people and businesses to communicate using WhatsApp,”. An exploration that leads the company to “include working with the other Facebook Companies to help people find businesses they’re interested in and communicate with via WhatsApp. 

Again, it seems impossible to completely rule out the hypothesis that the two entities exchange data for offering advertising targeting.  

Facebook Messenger and WhatsApp: where are users’ data hosted?

Both Facebook Messenger and WhatsApp explain that user information is “transferred or transmitted to, or stored and processed in, the United States or other countries,“ without mentioning which ones.  

Both companies also state that they rely on the “adequacy decisions of the European Commission. As it explains on its website: “The European Commission has the power to determine, on the basis of article 45 of Regulation (EU) 2016/679 whether a country outside the EU offers an adequate level of data protection. The adoption of an adequacy decision involves a proposal from the European Commission, an opinion of the European Data Protection Board, an approval from representatives of EU countries, the adoption of the decision by the European Commission.  

In other words, Facebook declares that it complies with the EU instructions on data transfer and storage.  

RGPD compliance: Facebook on thin ice

While it is not our role to judge how Facebook and WhatsApp process user data, we would like to emphasize that understanding the Terms of Use and the various privacy policies remains a complicated process. The use of abstract vocabulary makes the exercise particularly difficult.  

However, as the French Commission for Information Technology and Civil Liberties states on its website[1], “the GDPR[2] requires complete and accurate information. Transparency allows the people concerned: to know the reason for various data collections concerning them, to understand the processing that will be done with their data, to ensure control of their data by facilitating the exercise of their rights. For data controllers, it contributes to fair data processing and establishes a relationship based on trust with the data subjects.  

Today, unfortunately, it’s this “relationship based on trust“ that Facebook is struggling to rebuild. The firm has until May 15, 2021, to win back its users’ hearts.  

Notes :  

  1. Commission Nationale de l’Informatique et des Libertés 
  2. General Data Protection Regulation  

Incident Response Hotline

Ein Cybersecurity Incident, bei dem Sie sofortige Hilfe benötigen?

Kontaktieren Sie unsere 24/7/365 Incident Response Hotline.