WhatsApp Introduces Usernames to Reduce Phone‑Number Sharing
What Happened — WhatsApp is rolling out a new “username” feature that lets users start chats without disclosing their phone numbers. The service assigns a unique, user‑chosen handle that can be shared instead of a telephone number.
Why It Matters for Compliance & Audit Readiness
- Demonstrates a privacy‑by‑design move that supports data‑minimization requirements in GDPR, CCPA and other privacy frameworks.
- Gives organizations a concrete control to document in their SOC 2 Privacy (CC) criteria – “Limit collection and disclosure of personal data.”
- Provides a new data‑subject identifier that must be reflected in consent records, DSAR handling, and privacy notices.
Who Is Affected — Consumer messaging platforms, mobile‑app developers, enterprises that embed WhatsApp Business for customer engagement.
Recommended Actions
- Update your privacy policy and consent mechanisms to cover the optional username field.
- Map the username feature to SOC 2 CC control CC6.1 (Limit collection of personal data) and record the change in your continuous‑compliance evidence store.
- Verify that DSAR processes can locate and delete username data on request.
Source: TechRepublic – Meta Adds WhatsApp Usernames
Technical Notes — No new vulnerability is disclosed; the change is a client‑side UI/UX addition that stores a handle in the same encrypted user profile database used for phone numbers. No CVEs are associated.