Vrinda Bhardwaj, a Research Associate at the Centre for Policy Research, New Delhi and Ankur Rana, an LLM student at the Faculty of Law, University of Delhi, India dissect the legal implications of the new controversial and invasive WhatsApp policy in India...
WhatsApp is a free to download cross-platform messaging application which was founded in 2009. In 2014, Facebook acquired WhatsApp for $19 billion, which brought WhatsApp under scrutiny for its privacy practices. Facebook faced international backlash for the Cambridge Analytica scandal during the Brexit and 2016 United States Elections. Moreover, in 2018, news reports exposed Facebook’s private data-sharing deals with tech giants like Amazon, Spotify, and Netflix. As of now, WhatsApp has about 2 billion users worldwide, of which 340 million are Indians.
Facebook seems a social media platform to the general public, but it is a data aggregation machine for commercial gains via advertisements in actuality. It generated 80.9 billion US dollars in revenue from advertisements in 2020 and is estimated to generate 94.6 billion US dollars in 2021. This policy implies that Facebook and other affiliated applications might use WhatsApp for commercial gains, thereby breaching users’ privacy. Moreover, the policy lacks clarity on the consequence or liability of data breaches, such as mishandling bank account details shared on WhatsApp business accounts. Most importantly, it is unclear how and who will use the data and for what purposes. Lack of government or independent third-party regulation may cause exploitation of user’s data. It could also lead to spreading misinformation, fake news, and hate propaganda.
In Justice K.S Puttaswamy (Retd) v. Union of India, the Supreme Court of India ruled that privacy is a fundamental right under Article 21 of the Indian Constitution. Court held that informational privacy is an individual’s choice to disseminate personal information, and it is a part of the right to privacy. Furthermore, it was held that both State and non-State actors could exploit data; the government must enact a strong data protection law. Recently, writ petitions filed in the Supreme Court and the Delhi High Court sought an injunction to restrain WhatsApp from implementing the updated terms of service as it violates the right to privacy and threatens state security – owing to this, the implementation of the policy has been deferred in India.
The differential treatment met to India and Europe by WhatsApp highlights the need for a codified data protection law in India, much like the European General Protection Regulation. It further raises issues of data localization and storage. The Committee headed by Justice BN Srikrishna advocated for data localization, restricting users’ data to move out of the country for commercial exploitation. Example: India needs data localization laws that enable data storage of Indian users in India itself, rather than at data centers owned by Facebook in the United States.
There is a need for federated alternative messaging platforms with proper governance like Signal and Telegram. These applications’ models are designed to encrypt both the metadata and content, so even the application servers cannot decipher or retain the users’ information. Moreover, unlike Signal or Telegram, the data backup is not encrypted by WhatsApp, which leaves room for data exploitation. Thus, WhatsApp should learn to promote cyber security from these applications for linking and leaking sensitive data. Besides, social media or messaging applications should be segregated from payment applications or digital wallets to ensure secure financial transactions.
The fundamental right to informational privacy and freedom of speech can only be exercised if the conversations between citizens are private. This right is not absolute and is subject to reasonable restrictions by the State to promote public interest. It is too important to leave a billion citizens’ privacy and rights to a commercial enterprise; hence, a proactive data protection law is the need of the hour. Tim Cook, the CEO of Apple, once said, “Right to privacy is really important, you pull that brick out, and another and pretty soon the house falls,” this sums up the whole debate around the WhatsApp privacy debacle.
Vrinda Bhardwaj is a Research Associate at the Centre for Policy Research, New Delhi, India and previously worked as Judicial Clerk at the Supreme Court of India.
Ankur Rana is an LLM student at the Faculty of Law, University of Delhi, India.
This article was prepared for publication by Khushali Mahajan, a JURIST Staff Editor. Please direct any questions or comments to her at firstname.lastname@example.org.
Opinions expressed in JURIST Commentary are the sole responsibility of the author and do not necessarily reflect the views of JURIST's editors, staff, donors or the University of Pittsburgh.