A Whatsapp Update

In February 2021, WhatsApp updated its privacy guidelines[1] which brought about some significant changes in terms of its usage. The most significant change in the new policy is the declaration that WhatsApp would share information across the Facebook Network of Companies, i.e., Facebook, Instagram, etc. While it was optional previously, post 8th February 2021, it would become mandatory. After facing a backlash from users, WhatsApp has put the policy on hold till 15 May.

However, it does not mean that WhatsApp now can share your every data including messages, with Facebook and Instagram. WhatsApp continues to be a safer app than Facebook and Instagram who do not provide end-to-end encrypted chat services. It means that while using these apps, the message data is shared with a third party other than the sender and the receiver. However, with the policy change, interactions with businesses on WhatsApp, including messages, will be accessible across the Facebook network.

It is important to understand that WhatsApp will conduct significant data mining exercises in two branches: i) primary text messages sent to business accounts ii) metadata

Metadata, for our discussion, can be explained as almost everything about a message except for the ‘content’ of that message. This includes the user's location, IP address, profile picture, contacts, and WhatsApp statuses. Although WhatsApp still claims that it cannot access the user's contacts and location. It was a common practice used by Facebook ever since its inception. For example, you must have noticed that Facebook ads are always relevant to what you search on Google or online shopping sites. Besides, it also extracts keywords from messages and shows customized ads to the targeted audience.

The difference between WhatsApp and Facebook regarding data sharing is that users had consented to such terms on Facebook. However, WhatsApp had promised to maintain its strict privacy policy and follow a policy of non-interference through ads.

Now on a more dangerous scale, details about users’ spending habits or location can help Facebook build an identity/personality profile helping them target advertisements from businesses like political consultancies or political parties. Facebook is alleged to play a similar role in the 2016 US elections, which led to the unexpected win of Donald Trump.

In the Supreme Court, a three-judge bench of CJI SA Bobde, Justice AS Bopanna, and Justice V Ramasubramanian is hearing a challenge to WhatsApp’s updated privacy policy.[2] On 3 February, a division bench of the High Court issued a notice on a Private Interest Litigation challenging WhatsApp’s January 2021 policy. The PIL stated that the policy violates Article 21 of the Indian Constitution which recognizes the right to privacy as a Fundamental Right. In 2017, a nine-judge bench of the Supreme Court had declared the right to privacy a fundamental right for all citizens. The apex court ruled that a right to privacy includes a right to control usage of one’s data i.e., decisional autonomy over data of every citizen. What’s interesting is that the company said its policy in Europe is different from other countries because of different laws on privacy. Yet, the policy for Indian users is similar to the rest of the world. This comes after the European Commission fined Facebook €110 million for providing incorrect or misleading information during the Commission's 2014 investigation under the EU Merger Regulation of Facebook's acquisition of WhatsApp.[3]

While India does not currently have a data protection law, Solicitor General Tushar Mehta appeared for the central government and told the Supreme Court that the right to privacy is a fundamental right and it cannot be infringed upon irrespective of whether there is a specific law for it or not. Currently, the usage and transfer of personal data of citizens are regulated by the Information Technology (IT) Rules, 2011, under the IT Act, 2000. The rules hold the companies using the data liable for compensating the individual, in case of any negligence in maintaining security standards while dealing with the data.

Also, a bill proposed earlier by the Srikrishna Committee[4] stipulates under Section 5 that the usage of data/information must be reasonably linked to the purpose for which it was given. Under this proposed section, for example, data collected like financial information, location, or any other metadata on WhatsApp cannot be used by a different entity to target users with advertisements for associated businesses.

Under this proposed bill, the liability is on the businesses to ensure that the user’s consent with regards to the collection of data is fairly taken, and the collected data is used in a reasonable manner linked to its original purpose.

In response, WhatsApp declared, “If India has a similar law then we shall follow it.” Subsequently, the last date for accepting the new privacy policy was extended to May 15.

WhatsApp's new policy is of significant concern as India has the highest number of WhatsApp users globally with around 340 million people actively using it. It is followed by Brazil where the number of users is significantly less, around 60 million. In June 2020, the Center banned 59 Chinese apps over privacy concerns including some of the very popular apps like TikTok and PUBG[5]. Following WhatsApp’s new guidelines, thousands of users have already switched on to other apps like Telegram and Signal which provide various features like disappearing messages, keeps user’s identities and contact numbers safe and no data is shared with third parties.

Following the severe backlash, WhatsApp tried to reassure its Indian users that changes in guidelines were meant to improve users’ experience on the app. However, the application post the changed guidelines remains to be seen.

[1] https://www.whatsapp.com/legal/updates/privacy-policy/?lang=en [2] Karmanya Singh Sareen v. Union of India [3] Max Schrems v. Data Protection Commissioner [4] Constituted under Ministry of Electronics and Information Technology [5] https://timesofindia.indiatimes.com/business/india-business/government-blocks-access-to-43-mobile-apps/articleshow/79389252.cms

136 views18 comments