Amazon and WhatsApp have been scolded by the privacy campaigning group the Electronic Frontier Foundation over their “disappointing” privacy practices, and told that they can and should be doing better in its yearly review.

The seventh annual Who Has Your Back privacy report analysed the policies and public actions of 26 companies, rating them out of five categories covering industry best practices, privacy policies and their dealing with governments – including two new entries of “promises not to sell out users” and “stands up to National Security Letter (NSL) gag orders”.

While nine companies earned top ratings with five stars, including Adobe, Dropbox, Lyft and Uber, some of the biggest names in technology scored only four, including Apple, Google and Microsoft. It was Amazon and WhatsApp, both of which scored only two stars in the EFF’s rating, that were singled out in the report, however.

“We were disappointed that two technology companies fell short of other online services: Amazon and WhatsApp,” the EFF said. “While both companies have adopted industry-accepted best practices of requiring a warrant for content, publishing law enforcement guidelines, and publishing a transparency report, and while we applaud both companies for advocating for reforms to overbroad NSA surveillance, these two companies are not acting as leaders in other criteria that we examine.”

The two companies – one that handles private communications, the other the world’s largest retailer with a track record of good customer service – were criticised for not having strong public policies around the notification of government data requests. They were also criticised for not meeting the EFF’s benchmark for not selling out users and a lack of on-the-record policies to request judicial review of the gag orders that accompany NSLs, which are akin to subpoenas for user activity and have, the EFF says, contributed to the “widespread abuse of this investigatory tool” that can be deployed without judicial review.

The EFF said: “We urge both Amazon and WhatsApp to improve their policies in the coming year so they match the standards of other major online services.”

US telecoms companies AT&T, Comcast, T-Mobile and Verizon, which each scored just one star, were also lambasted for failing to commit to keeping users informed on disclosure of their data, and for failing to publicly state a policy of requested judicial review of the gag orders of NSLs.

The report highlights that progress has been made within the technology industry with regard the protection of privacy of users in the last seven years, noting that all of the 26 evaluated companies this year have implemented at least some of the practices that were considered top-drawer in 2011.

It also praises the actions of some 21 of the evaluated companies in attempts to change some of the “fundamentally flawed laws in the US” concerning government access to data, including the FISA Amendments Act of 2008 that underpins much of the NSA’s mass surveillance of the internet.

EFF senior staff attorney Nate Cardozo said: “The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies — which serve as the pipeline for communications and internet service for millions of Americans — are failing to publicly push back against government overreach.

“Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with.”
Amazon has not responded to a request for comment. WhatsApp has declined to comment.