Michael wrote to WhatsApp explaining that as a result of Brexit, Gibraltar had implemented GDPR equivalent legislation into domestic law, known as the “Gibraltar GDPR” .
“Gibraltar GDPR has the same rights and standards, and the same extra territorial effect provisions as the GDPR and the UK GDPR. So even if your organisation is not based in Gibraltar but you offer goods or services into Gibraltar, or if you monitor the behaviour of our residents, local data protection law can apply.”
"The fix was simple. WhatsApp wrote back saying they would be making amendments and when I checked again, Gibraltar had been included.”
Michael said the development was important to ensure privacy standards are maintained in a post-Brexit environment.
“We must try to align ourselves as closely as possible to European Data Protection standards. Being bundled in with the Rest of the World would have made it harder for local users to enforce their privacy rights - it certainly would have placed them at a severe disadvantage compared to their European counterparts”.
This has come at a time of increased global scrutiny of WhatsApp and its privacy practices, in particular following changes that were announced making the mandatory sharing of data with business partner and social media behemoth, Facebook.
In reference to safety, Michael says that “safe is a relative term” depending on the content of the information, but that not much has changed for individual users and that he would, for the time being, continue to use WhatsApp for social purposes.
As regards confidential information, end to end encryption is still a central feature of the service, meaning that WhatsApp cannot see the messages themselves. However, Michael acknowledged that WhatsApp had been criticised when compared to other instant messaging service providers as to the volume of metadata it shares with third party partners and urged caution.
“You need to think carefully when using instant messaging services generally.” “Hacking risks exist, especially when data is backed up from your phone into the cloud - it might not be encrypted, and once information is there, it’s outside of your control.”
This development was important to ensure privacy standards are maintained in a post-Brexit environment...being bundled in with the Rest of the World would have made it harder for Gibraltar users to enforce their privacy rights.