WhatsApp has introduced a new feature aimed at enhancing user privacy, particularly in group chats. The messaging platform continues to evolve its security measures, responding to growing concerns over data confidentiality among its users. With the latest update, WhatsApp has rolled out an expanded privacy protection setting designed to bolster security for personal conversations and group discussions.
This new feature prevents participants from sharing content from chats or WhatsApp groups, ensuring that sensitive information remains within the confines of the conversation. According to Liter.kz, "When this function is enabled, you can prohibit interlocutors from exporting chats, automatically uploading media files to the phone, and using AI functions for messages. Thus, all participants will feel safer, as no one outside the chat will see the content of the correspondence." This is particularly relevant as more users create thematic groups on WhatsApp, often discussing personal or sensitive topics.
To enable this new privacy setting, users need to click on the chat name and select "Expanded confidentiality protection in the chat." The feature is set to be available to all users of the latest version of WhatsApp shortly, marking a significant step in the app’s commitment to user privacy.
As privacy concerns continue to rise, the introduction of this feature aligns with a broader trend in data protection regulations worldwide. In 2025, data privacy is no longer a niche concern relegated to legal teams and IT departments; it has become a priority at the board level, directly tied to trust, reputation, and long-term sustainability.
According to Statista, a staggering 75% of the global population is now subject to modern privacy rules. This shift necessitates that multinational companies, as well as those operating within the United States, develop flexible and scalable privacy structures that adapt to a complex mosaic of laws and shifting definitions of personal data.
The implementation phase of the primary U.S. privacy laws adopted in 2024 has intensified the pressure on companies to act transparently and responsibly. Organizations must recognize that data management equates to customer management. Poor handling of personal data can lead not only to substantial fines but also to a significant erosion of public trust, which is difficult to rebuild.
In 2024, several U.S. states, including Florida, Washington, and New Hampshire, enacted comprehensive privacy laws that came into effect this year. Florida’s Digital Bill of Rights applies to companies with revenues exceeding 1 million dollars, granting consumers rights to access, delete, and opt out of data sales, particularly regarding biometric and geolocation data. Washington’s My Health My Data Act expands protections for consumer health data, mandating explicit consent prior to data collection, while New Hampshire has introduced the first all-encompassing privacy law, enabling rights to access, correction, deletion, and opt-out of personal data sales.
These legislative changes reflect a significant shift towards stricter consumer control and transparency, requiring businesses to adopt a proactive, global approach to data privacy. Companies can no longer afford to view data privacy as merely a U.S. or GDPR issue; they must embrace a comprehensive strategy that integrates privacy into their organizational culture.
This cultural shift begins with employee training and clear data handling instructions, supported by management. Businesses that embed privacy into product development, marketing, customer support, and HR functions distinguish themselves in the marketplace. As data breaches become more prevalent, with IBM reporting the global average cost of a data breach at $4.88 million in 2024, the stakes have never been higher.
One of the most pressing challenges facing organizations today is the integration of artificial intelligence (AI). While generative AI and machine learning tools have gained traction, they pose significant privacy risks. Organizations must carefully scrutinize data collection practices in AI systems and differentiate between public and private AI. Public AI models, trained on open internet data, are inherently less secure, while private AI can be configured with strict access controls to protect sensitive information.
Companies are advised to limit the use of generative AI tools within their internal systems and to prohibit the entry of confidential or personal data into public AI platforms. The guiding principle is straightforward: if it’s not protected, it shouldn’t be used.
Radical transparency has emerged as a competitive advantage in 2025. This entails clear, concise privacy policies written in plain language, making them accessible to the average user rather than buried in legal jargon. Companies must also empower users with tools to manage their own data, including consent panels, opt-out links, and data deletion requests, particularly for mobile applications that often collect sensitive information.
To navigate the increasingly complex data privacy landscape, organizations should implement best practices, such as conducting thorough data inventories, adopting a privacy-by-design approach, and ensuring continuous employee training. Additionally, they should limit data storage, employ encryption and anonymization techniques, and audit third-party vendors to ensure compliance with privacy standards.
In light of these developments, Ubisoft has recently faced scrutiny regarding its data privacy practices. The Austrian organization noyb has filed a complaint against Ubisoft with the Austrian regulator, alleging violations of GDPR related to the game Far Cry Primal. A gamer discovered that despite the absence of online features, the game required an internet connection and frequent communication with Ubisoft servers, transferring data to various third parties including Google and Amazon.
Noyb claims that Ubisoft collects and transmits data without gamers' consent, demanding the deletion of illegally collected information and a revision of the company’s data policies. They seek a fine of up to 4% of Ubisoft's annual turnover, potentially amounting to 92 million euros, as the company faces increasing pressure to uphold data privacy standards.
As the landscape of data privacy continues to evolve, companies must prioritize transparency, security, and customer trust. In a world where data is increasingly viewed as currency, how organizations protect that data will reflect their core values and determine their success in the years to come.
