They did correct their policy to no longer lie to users after they were fined. I'm not sure that counts as "doing really well in terms of security and privacy for its users".
I think that's a bit disingenuous, who reads these policies anyway? And how much does this really matter compared to features like end-to-end encryption?
This wasn't a trivial technicality. They said users' phone numbers were being anonymized and they weren't.
How they handle private data, especially if they lie about what they're doing, does really matter. End-to-end encryption doesn't mean anything if they secretly keep the a key able to decrypt it, which is basically what they were getting fined for.
