Survey Results
One of the key findings from our recent online Financial Services Technology Survey is that free customer engagement software is prevalent within the industry. Zoom (used by 80% of respondents) and its more informal cousin, WhatsApp (used by almost 40% of respondents), are the most popular programs used.
The provision of securing end-to-end connections during video meetings has made great strides over the past couple of years. However, a growing concern is how the customer engagement company (Zoom / Whatsapp) offering the free services are using advisers’ and their clients’ information. Furthermore, with the advent of POPIA and GDPR, are those services complying with privacy legislation?
Free software and internet-based services are widely available online in different forms. These forms include:
Social media platforms – Twitter and Facebook
Internet browsers – Firefox and Chrome
Operating systems – Linux and Android
Online meetings – Zoom and WhatsApp
Free software ranges from an operating system to specific programmes. Copyright law does not cover software in the public domain (for example). It is free as long as the source code is in the public domain or otherwise available without restrictions. (Wikipedia)
Free software should not be confused with free online services such as social media and specific online engagement offerings which track, package, market and sell a user’s data for profit. In essence, users become the products, their internet usage is sliced and diced and sold to the highest bidder.
While the above is true for both social media platforms and search engines, it is less clear how free communication services such as WhatsApp and Zoom benefit from their free offerings. Zoom has various services available, both free and subscription based. However, their free service is limited in meeting length and functionality compared to their subscription services. The company thus uses the free offering to attract users to sign up for their paid services. While there has been no mention of Zoom selling customer data, the discontinuation of these free services could be a risk to users.
The purchase of Whatsapp by Facebook (a company well known for its ability to monetise user information) does raise a concern. Although Facebook and WhatsApp deny any intention to use personal data for anything other than for a specific purpose, the two companies will share your data (as with your contacts data) as a minimum.
This sharing of information between entities leads to a POPIA / GDPR compliance question, that being, how compliant are these services in terms of these privacy legislations?
As things stand:
‘Even though WhatsApp has assured users that the processing of data will be specific to WhatsApp Business, it must be noted that this is still in non-compliance with POPIA. Information from businesses is also protected, as they fall within the scope and definition of personal information in terms of POPIA.’ (https://www.mondaq.com/southafrica/privacy-protection/1066042/is-whatsapp-popia-compliant)
Zoom, too, has had its challenges. Last year the company made headlines for the wrong reasons with a sudden increase in Zoombombing, the activity of entering a Zoom meeting as an uninvited participant with malicious intent. Although Zoom rolled out security patches over the course of last year limiting the practice, personal data is stored at data centres across the world, some of which may be in territories not having the same privacy standards and regulations as South Africa – a potential risk to local users.
With questions raised around free communication services, it makes sense to consider your current digital customer engagement strategy carefully.
Do the usage risks related to free online services and platforms outweigh the cost of commercial applications? With fines of up to R 10 million (and possible jail time), the answer is a resounding yes. A discussion with your compliance office would well be worth the investment in time and effort. Alternatively complete the customer engagement risk assessment questionnaire and we’ll be in touch with the results.
References
https://www.pridatect.co.uk/zoom-gdpr-compliant/
https://www.dialageek.co.uk/blog/whatsapp-is-not-gdpr-compliant-so-dont-use-it-for-business
About time someone had some sense
Excellent article. Agree with Kenny; time to highlight these dangers.