How E-lia Ensures Privacy and Data Security When Using WhatsApp

By Kees van Nuland  |  November 14, 2025

More and more organizations want to reach their employees in a simple, fast, and secure way. This is often a challenge, especially with deskless workers – people without a fixed workplace or corporate email address.

That is why E-lia uses WhatsApp: the most widely used communication tool in the world. But how safe is it really? And how does this relate to GDPR (AVG) and corporate data security?

In this blog, we explain step-by-step why E-lia chooses WhatsApp, how the platform handles data, what we do and do not share with Meta, and why your organization can be confident about the security of this communication channel.

1. Why does E-lia choose WhatsApp?

Before diving into the technical side, let's answer the most important question: why do we use WhatsApp specifically?

1.1 No login, no new app, no extra hurdles

Most people already have WhatsApp installed on their phones. Users don't need to sign up again, download an extra app, or remember a password. This makes using E-lia exceptionally accessible. That is exactly what is needed for target groups who don't spend their entire day behind a laptop.

1.2 Understandable for everyone

From young to old: almost everyone knows how to use WhatsApp. Our users – ranging from production and construction workers to cleaners and retail staff – immediately know how it works. This makes training or explanation about the tool unnecessary.

1.3 Already integrated into work

Employees often already use WhatsApp in work contexts, for example in shift or project groups. Because E-lia works via the same channel, we align with existing behavior instead of introducing something new.

Although E-lia currently communicates mainly via WhatsApp, we are also experimenting with alternatives such as Signal and web-based chat environments. In the long run, organizations determine for themselves which channel best suits their policy and target group.

2. What is the relationship between E-lia and WhatsApp, and what data do we exchange?

For communication with end-users, E-lia uses the official WhatsApp Business Messaging API. Meta developed this API specifically for companies that want to send messages to employees and customers in a secure, controlled, and transparent manner.

We encrypt all communication between E-lia and users end-to-end. This means that only the sender and receiver can see the content — so exclusively E-lia and the user in question. WhatsApp (Meta) therefore has no access to the content of these messages.

When E-lia starts a conversation with a user, we always do this based on their mobile phone number. This number is already known to WhatsApp. We therefore do not share any new personal data outside the existing WhatsApp environment.

The process is as follows:

• E-lia calls the WhatsApp API to send a message to a user.
• WhatsApp sends back so-called “callbacks”: technical notifications indicating whether a message has been sent, delivered, or read.
• These callbacks are linked exclusively to a phone number — not to names or other personal data.
• E-lia links this number within its own secure Dutch database to the correct user, so we can register progress.
• If employees cannot or do not want to use WhatsApp, E-lia offers alternative communication channels via web chat or other secure channels.

3. What data does WhatsApp process — and does it involve chat content?

We make an important distinction here: the data WhatsApp processes has nothing to do with the content of the messages.

The actual text, images, or answers from users remain fully end-to-end encrypted. These are only visible to E-lia and the user themselves, not to WhatsApp or Meta.

WhatsApp does process so-called metadata: technical data needed to deliver messages. Think of:

• The phone number of sender and receiver
• Time of sending, delivery, and reading
• Status information (sent, delivered, read)
• Device type or operating system

E-lia only receives the necessary status information (the callbacks) to register whether a message has been successfully delivered or read. This metadata is functional and technical in nature and contains no substantive data from the chat.

In short: we do not store any information and share nothing that says anything about what an employee exactly reads, fills in, or answers within a learning module.

4. What about the new Meta AI and processing user data?

Recent announcements from Meta AI have raised questions among some users: does Meta gain insight into message traffic via artificial intelligence and use this to train their AI model?

The answer is reassuring: no, not within the business WhatsApp environment that E-lia uses.

4.1 How Meta AI works

In 2024 and 2025, Meta announced various AI functionalities, such as chat summaries and smart replies. These features use a system called Private Processing. Here, the system processes data temporarily in a secure enclave (Trusted Execution Environment). This process ensures that no employee or other process within Meta has access to the content of this data.

Meta also emphasizes in its official communication that they never use private messages to train AI models.

4.2 What Meta can and cannot see

There are clear limits to what Meta can see:

• The system only temporarily processes messages that users consciously send to the Meta AI to generate an answer.
• The infrastructure does not process regular messages between E-lia and users.
• The content of E-lia messages remains end-to-end encrypted.

4.3 Control for users

With WhatsApp, users always retain control over their data and the use of AI functionalities. Since 2025, WhatsApp has offered the Advanced Chat Privacy function, allowing users to decide whether to allow or disable AI functions.

Important to know: within the WhatsApp Business API used by E-lia, these AI functions are disabled by default. This means that Meta's AI infrastructure does not process conversations between E-lia and employees and that they do not use data to train AI models.

In other words: E-lia users always communicate within a secure, traditional WhatsApp environment that is completely shielded from Meta AI. The content of the messages remains private, end-to-end encrypted, and accessible only to the user and E-lia.

Source: Digital Watch Observatory – Update 2025

5. Information security and GDPR within E-lia

In addition to security via WhatsApp itself, E-lia also meets all applicable standards for privacy and information security:

• Only authorized administrators have access to user data.
• We store data on secure Dutch servers.
• E-lia works exclusively with parties that comply with ISO 27001 standards and the GDPR.
• We never share the content of learning modules with third parties and do not use it for other purposes.

Although communication via WhatsApp is secure, awareness within organizations remains important. Employees are responsible for handling information carefully, for example by not sharing sensitive company data via chat.

6. Conclusion: secure, transparent, and GDPR-proof

The use of WhatsApp within E-lia is completely secure and GDPR-compliant. Through the combination of end-to-end encryption, controlled API connections, and a strict internal privacy policy, we protect all data optimally.

Briefly summarized:

E-lia thus combines the best of both worlds: accessible communication via WhatsApp and strict guarantees of privacy and security. A modern learning solution that does what it promises — safe, reliable, and human-centered.