Telegram Hides Behind GDPR on Privacy Policy Change

ICOBox co-founder Daria Generalova on the unanswered questions concerning the messenger’s relations with spies in Russia and elsewhere

Telegram is the favorite messenger service of the crypto community. It works great and its privacy settings are considered the gold standard of personal online freedom. Until now?
Telegram has recently rewritten its privacy policy, and Section 8.3 is raising eyebrows:
“If Telegram receives a court order that confirms you’re a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency”
Back in April, a Moscow court order blocked access to the Telegram messenger in Russia (except for those Internet users competent enough to skirt the ban). The reason given was that Telegram refused to hand over universal keys to the Russian Federal Security Service (previously known as the KGB) for use in cases of suspected “terrorism”.

The European Union General Data Protection Regulation (GDPR), which came into effect over three months ago, doesn’t dictate companies’ privacy policies. Telegram always gathered data and would comply with requests linked to real terror threats. Even the amended document wouldn’t satisfy the Russian authorities’ demands to actually see messages rather than just addresses, but using GDPR as a pretext to change its global privacy policy is a bit sneaky when court orders linked to terrorism are in no way covered by the GDPR. Anyway, only the most incompetent terrorists imaginable could be caught by just disclosing an IP address and phone number.

Telegram’s new privacy policy is here and written in quite plain English: https://telegram.org/privacy