With GDPR, you can at least download all the data they have collected about you. Have you verified your Trojan horse claim?
> WhatsApp still won't be able to access any of your communications or share them with Facebook. Meanwhile, WhatsApp will be able to share user account information like your phone number, logs of how long and how often you use WhatsApp, device identifiers, IP addresses, and other details about your device with Facebook. Plus, WhatsApp can share transaction and payment data, cookies, and location information with Facebook if you grant permission. All of which has been true since 2016.
More is detailed in the WhatsApp privacy policy [1] (emphasis mine):
> We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo, "about" information; whether you are online, when you last used our Services (your "last seen"); and when you last updated your "about" information.
I suspect nokya was exaggerating somewhat, but only somewhat.
[0]: https://www.wired.com/story/whatsapp-privacy-policy-facebook...
For the exaggeration, I would happily answer but I would need to know on which access you felt I exaggerated (except the fact I did not know Apple kept this list only to itself and friends). The data categories I mentioned are quite straightforward and not specifically obtained by WhatsApp only.
I don’t believe this is correct: they may only have to provide data they “control” (in the GDPR sense of the word; see Art.15,3).
If they merely downloaded it for processing into market segments or even just generated high-value marketing segments directly on the device, they would only have to and be able to give you the list of those segments, and maybe explain broadly that they learned this from “on-line activity”.
If they do exfiltrate everything, they could hold this data for “legitimate interests” such as for lawful intercept, fraud detection, or disaster recovery. If it is not a “normal” business practice to access[1] it, they may not be required to reveal that they have it.
Note I am not verifying that Facebook does these things, only what my understanding of their obligations is under the GDPR. This does not constitute legal advice, I am not your lawyer, and so on.
[1]: FB’s normal business is selling ads and they don’t typically let ad sales or traffickers access this raw data directly.
1. You only get the data you provided to the service, not the data they derived from your use of the service. Incidentally, this second data set can be just as critical when shared with third parties.
2. You only get the data they kept about you, not the data that resulted from the various transfers to their partner companies and which was thereafter correlated with other databases.
These two sets of data are about the user, but the user never gets to see them, unless they are explicitly requested from the partner companies.
Thanks Trojan horse GDPR.