Right to privacy & WhatsApp policy


Abhigya Mahajan
On January 4 this year, WhatsApp, the popular messaging platform owned by Facebook, announced through an in-app notification that it had updated its privacy policy. As a result of this privacy update, WhatsApp will be able to exchange users’ metadata and messages through business accounts with Facebook. If their users did not accept updated terms by February 8, they would lose access to their accounts. Users and privacy activists were outraged by the ultimatum, claiming that the new policy was intrusive and would result in user data being compromised. In response to these claims, WhatsApp explained that changes were necessary to assist companies using WhatsApp Business, which the company introduced in 2018 to help businesses communicate with customers. Under fire for its updated privacy policy and February 8 deadline, WhatsApp announced on January 15 that deadline to adhere to the new terms of service had been moved to May 15 due to a lot of misinformation regarding what new update was all about.
Whatsapp is India’s most popular messaging app, and is home to 400 million of the world’s 2 billion WhatsApp users and 310 million Facebook users. In addition, India is the first country in which WhatsApp has introduced payment services. The sharing of large amount of user-data with Facebook without statutory oversight has put Indians in jeopardy. The boycott of WhatsApp demonstrates how much users value the privacy of their data. A user can only trust an online platform, if he is confident that security of their data is the top priority. Although it is the responsibility of the applications to ensure data security, there have been several instances where they have failed to do so. To fill this void, India requires a strict law that protects individuals from breaches of their data privacy. Given the rapid proliferation of data, such tech behemoths require regulatory oversight. The ongoing COVID-19 pandemic has increased dependence on digital platforms, emphasizing the importance of data protection legislation in countries around the world. With the passage of time, Indian law has failed to address a significant issue posed by these social networking apps. In India, there is no law that specifically addresses data protection. Because there are no strict laws prohibiting hackers or social media giants from accessing Indians’ data, they can easily do so. Almost 75 per cent of cybercrimes, such as child sexual abuse, terrorist radicalization, financial crime, or disruption of law and order caused by fake news, begin with a phishing or social-engineering attack via these messaging apps or social media. Social engineering is the practise of manipulating people in order to obtain confidential information, such as tricking someone into sharing sensitive information such as passwords or bank information, or accessing a computer to secretly install malicious software.
Since India does not have a robust data protection regime, WhatsApp will take this move in India rather than European Union. However, in 2019, the Ministry of Electronics and Information Technology tabled the Draft Personal Data Protection (PDP) Bill in Parliament. It is currently with a Joint Parliamentary Committee and has not passed into law. The bill’s primary goal is to protect citizens’ right to privacy in relation to their personal data and its use. In the landmark case of K S Puttaswamy vs Union of India, the right to privacy was recognised as a fundamental right. It is that fundamental right derived from the right to life and liberty under Article 21 of the Indian Constitution. It was felt that strict laws governing the right to privacy in the technological sector were required. Apart from consumer protests, the Ministry of Electronics and Information Technology (MeitY) sent a strongly worded letter to Will Cathcart, WhatsApp’s global Chief Executive Officer, requesting that latest privacy policy be withdrawn. The proposed amendments to the WhatsApp Terms of Service and Privacy Policy raised ‘grave concerns about the consequences for the option and autonomy of Indian people,’ according to the letter. According to the ministry at the time, the new policy update enabled WhatsApp and other Facebook companies to ‘make intrusive and precise inferences about users.’ A list of 14 questions about the new policy, as well as how data collected in India is processed and used, was also sent to WhatsApp. In an affidavit filed later in March, the ministry told the Delhi High Court that WhatsApp’s latest privacy policy, declared in January, breached 2011 IT Rules on five counts, and urged the court to prevent the messaging app from enforcing the policy. So, what will exactly happens on/after May 15? WhatsApp has begun reminding users to review and accept its policy update, which it will do for an unspecified period of time. These reminders will become ‘persistent’ after a ‘period of several weeks,’ at which point the app’s functionality will be severely limited. According to WhatsApp, this timeline will differ for each user. You won’t be able to access your chat list (presumably this will be replaced by a permanent update banner without a skip option) but you will be able to answer incoming audio and video calls, read and respond to messages, and call back a missed call from your notification shade (provided notifications are enabled on your device). You will lose all functionality after a few weeks, ‘you will not be able to receive incoming calls or notifications, and WhatsApp will stop sending messages and calls to your phone.’ Again, WhatsApp ‘will not delete your account’ at this time, but it may in the future, as it is quick to note that ‘our existing policy related to inactive users will apply.’ According to WhatsApp, accounts are typically deleted after 120 days of inactivity. Even if it doesn’t, the app serves no real-world purpose at the moment, which is why WhatsApp also instructs you on how to export your chats and download an account report on the same FAQ page. If they sign up on or after May 15, new users will be required to accept WhatsApp’s new terms and conditions.
The privacy of a billion citizens is far too important to be left solely to the practises of a commercial enterprise. At present, the collection and use of personal and sensitive data is governed by the Information Technology Rules, 2011, which were enacted under the IT Act of 2000. However, it was felt that technology had advanced since the rules were written. There were numerous flaws in the Act that prevented it from providing adequate assurance for data protection. The Personal Data Protection Bill, 2019, was drafted with the intention of providing broad protection in data usage and transfer.
In the midst of a pandemic, when every interaction is being digitalized, massive amounts of personal data on individuals are being collected and processed. Without statutory protection, Indian consumers using electronic platforms are currently vulnerable to any data breach. Many experts believe that WhatsApp users in India will be unconcerned about this issue because privacy policies are generally difficult for the general public to understand. As a result, the Government and civil society must engage in public awareness campaigns to educate the public about the importance of digital privacy.