The world has been dependent on WhatsApp for long time and the enormous amount of messages were being sent to people all around the world. Suddenly the largest messaging application by user base shocked the whole world when it updated its terms and privacy policy. The said terms and privacy policy inter alia included sharing data with its parent company Facebook Inc and other Facebook companies such as Instagram and Messenger. This sudden change brought us to think that is privacy a myth?
Since Facebook’s acquisition of WhatsApp, user had the option to opt out of sharing activity data on WhatsApp from Facebook. Up until now, it was only an option. Now that option is no longer going to be available. To be precise, it is “take it or leave it” for all the users.
The WhatsApp has characterized the sharing of data only for business accounts and had held that the private messages will not be affected. The private messages and calls are still end to end encrypted. No third party can access the private conversations or group chats. The caution is that when you sign up, WhatsApp will have access to your personal information such as your internet protocol (IP) addresses, your location, financial transactions made over WhatsApp – that would be sold to Facebook. This information would be used to target you with ads on other platforms like Facebook and Instagram. In essence, the new changes to WhatsApp and privacy policy relate to how WhatsApp will share information within the Facebook group of companies and how any shared information will be used. The WhatsApp will share its users, browser information, language, time zone, IP address and mobile network.
Making the intra-group data sharing necessary for using the WhatsApp has once again brought to the fore the debate on privacy laws.
There has always been concerns about data privacy with WhatsApp in India and our law enforcement agencies has used WhatsApp chats to incriminate evidence. The WhatsApp chats of individuals are also aired on tv channels by media houses freely without even thinking of any legal repercussion of the same. It had already mounted lots of pressure on WhatsApp for security and privacy of this most widely-used messenger application.
Privacy Protection in India
Pertinently, India at this global age does not have stringent laws on data sharing and data abuse. There is no competent authority to maintain checks and balances with respect to infringement of data and privacy as well as abusing the privacy of individual on national television. Until the Personal Data Protection Bill becomes law, it will be hard to police tech companies on how user data should be processed.
Interestingly, WhatsApp’s policy is different in the European Union which has stricter privacy laws (in some countries like France, regulators had previously restricted WhatsApp from sharing data with Facebook without user consent). India is still waiting for its data protection law. If India had a data protection law in place WhatsApp would not have been able to go ahead with new terms and privacy policy
Personal Data Protection Bill which was introduced by Srikrishna Committee states that you can only use the information for purposes that are linked to the purpose for which the information was given. Had this bill been enacted, WhatsApp would have thought twice to update its terms and policy in India.
The Hon’ble Supreme Court of India had in its plethora of judgements had categorically held that privacy is a fundamental right of an individual and state has the responsibility to safeguard the privacy of all its citizens.
Justice DY Chandrachud in his dissenting opinion in Aadhar Judgement has held that “Technology questions the assumptions which underlie our processes of reasoning. It reshapes the dialogue between citizens and the state. Above all, it tests the limits of the doctrines which democracies have evolved as a shield which preserves the sanctity of the individual.”
The Hon’ble Supreme Court of India in Justice K S Puttaswamy (Retd) vs Union of India (2017) 10 SCC 1 (hereinafter referred to as “Puttaswamy Judgment”) in unanimous verdict given by a nine judge bench declared privacy to be constitutionally protected, as a facet of liberty, dignity and individual autonomy. The said judgement were in the contours of declaring privacy as a constitutional protected right. It is pertinent to mention that privacy comes under the ambit of Article 21 of the Constitution of India as well as the other facts of freedom and dignity recognized and guaranteed by the fundamental rights contained in Part III of our Constitution. The Puttaswamy Judgement also outlined that right of privacy is every individual’s natural and inherent right, the Hon’ble Supreme Court held that “Life and personal liberty are not creations of the Constitution. These rights are recognised by the Constitution as inhering in each individual as an intrinsic and inseparable part of the human element which dwells within”
Though the Puttaswamy judgment was considered a landmark judgment in the Aadhaar case, it has fallen short in terms of implementation.
The discussion of the precedents of our judiciary clearly gives us ideology with regard to what privacy is for the people but the machinery which will put this ideology to the motion is executive and legislative authority of our democracy and as of now we don’t have any legislature which will safeguard our privacy and our data. This situation with WhatsApp shall be an alarming bell for our legislatures and executives and it is high time that government make all endeavours to protect sovereignty of its citizen’s data and privacy. Without this, the digital-age present the risk of becoming a glass-house, whose see-through walls would allow too much exposure to the surveillance and public scrutiny.
We need to bring in stringent data security/privacy regulations and general framework for consent and data used by apps in India. The government should not delay more in bringing the data protection bill into enactment. A proper legislation might fill in all the voids and bring a sense of security in the minds of the citizens regarding their data.