This article is written by Mahima Sharma, from Symbiosis Law School, Pune. The author has thoroughly analysed the case which challenges the drastically changed privacy policy in 2016 by WhatsApp which leads to infringement of right of privacy of more than 160 million citizens of the country. The author through the article has also analysed the supported arguments and issues raised by both parties and judgement given by the High court of Delhi.
Table of Contents
Introduction
India has one of the fastest-growing internet connectivity and accessibility markets in the world. This development has been driven largely by the rise of mobile and computer devices being introduced in the market every other day. The internet service market has grown more competitive due to the emerging new players like JIO. Even when the spread of internet connection is still limited to 35% of the population, this expanded availability of internet services has given birth to some major issues of concern. One such issue which has always been the topic of global debate in the given era of technological advancement is the issue of privacy and the lack of protection thereof. India is no less to not get caught in this facade because the digital India project has led to excessive accessibility of online public and private services.
In the 21st century, there is nothing more private, personal and confidential than the private information and messages communicated through social media by a person to his family, friends and acquaintance. There are various service providers whose service is utilized in India to communicate or to engage in private conversation and share confidential data. One such popular smartphone application which is used by a large number of citizens in India is WhatsApp.
The case of Karmanya Singh Sareen vs. Union of India revolves around the protection of personal data and the right of privacy guaranteed under the Constitution of India, which is contended to be exploited by WhatsApp under the New Privacy Policy of 2016. The Petitioners, Karmanya Singh and Shreya Sethi, two messaging app users, contended that the new policy aims to gather all details pertaining to any WhatsApp account, such as phone numbers, addresses, comments, system information, as well as third-party records that can be used to fund activities, evaluate consumer accounts and acts, and advertise their services.
Historical timeline of the whole situation
Whatsapp was introduced in 2010, it did not enable users data to be exchanged with any other entity. Whatsapp was bought for $19 billion by Facebook in February, 2014. It argued that its privacy policy would remain unchanged.
Nonetheless, in 2016, Whatsapp declared a shift to its privacy policies as a part of the Facebook family of companies it will now share information with Facebook.
On 26th August 2016, a writ petition Number 7663 was filed in Delhi high court by petitioners for protecting the rights of users of the application.
In September 2016, the High Court of Delhi discarded the writ petition and granted partial relaxation to the petitioner.
In response towards this order, a Special Leave Petition was filed with the Supreme Court (Civil) No. 804 of 2017)seeking, first of, whether the privacy policy infringes the right to privacy of its user groups, furthermore, whether the failure of the user to share their data with Facebook is impermissible and, lastly, whether the way in which Whatsapp obtains user assent is misleading.
And to add on to that: Does the Internet networking systems that allow users to share text/audio/video messages, data and render audio/video calls constitute ‘telecommunication’ systems and are subject to regulation by the competent authorities?
The Supreme Court on September 6, 2017 required Facebook and Whatsapp to file affidavits explaining what data is being shared by them, which were duly filed by the respective respondent.
Why was the PIL filed in Delhi High Court
Under Article 32, a writ petition can be filed in the Supreme Court. The Supreme Court can issue a writ only if the petitioner can prove that his Fundamental Right has been infringed. It is important to note that the right to approach the Supreme Court in case of a violation of a Fundamental Right is in itself a Fundamental Right since it is contained in Part III of the Constitution.
But under the given case of Karmanya Singh Sareen vs. Union of India, the petitioner contention of infringement of the right to privacy could not be made because the status of the right to privacy as a fundamental at the time of judgement was not clear because the K.S. Puttaswamy (Retired) and Anr. v. Union of India & Ors case was under the adjudication process. Hence, the petition Under Article 226 was filed in the High court of delhi as the power of the High Court to issue a writ is much wider than that of the Supreme Court. The High Court may grant a writ for the enforcement of fundamental rights or for any other purpose such as violation of any statutory duties by a statutory authority.
Issues raised and arguments presented
The petition proposes a response to the problem of online protection and requests the state to assist in the protection of private data. India currently does not have clear legislation on privacy for users of data. There were the following issues which were put forward by the petition are as follows:
- Does the Privacy Policy of Whatsapp contravene the Privacy Rights of its users?
- Shouldn’t there be a provision of information options on Facebook for the users?
- Is the way in which Whatsapp has acquired the authorisation of its users manipulative?
Arguments raised by the petitioner
- The respondent’s action which is argued in this writ petition, inter alia, that the current proposal in the privacy policy of “WhatsApp” would result in the alteration of the most important, fundamental and essential features of “WhatsApp” that is sufficient protection of the privacy of the information and data of its user groups. Which ultimately violates the fundamental right of privacy guaranteed under Article 21 of the constitution.
- Petitioners argued privacy is a common law right, hence the state must regulate data sharing and enact legislation to protect privacy rights. Examples of other countries who have taken steps for data sharing were relied upon.
Arguments raised by the respondent through affidavits
- WhatsApp has built privacy, end-to-end encryption, and other security features. it does not store user messages once they’ve been delivered. When user messages are end-to-end encrypted, WhatsApp and third parties can’t read them.
- WhatsApp does not retain messages in the ordinary course of providing its services to its users. Once users’ messages (including chats, photos, videos, voice messages, files, and shared location information) are delivered, they are deleted from WhatsApp’s servers.
- WhatsApp also offers end-to-end encryption for its services, which is on by default, when users and the people with whom they message use versions of WhatsApp’s app released after 2 April 2016. When user messages are end-to-end encrypted, WhatsApp and third parties can’t read them.
- Users may delete their WhatsApp account at any time (including if users want to revoke their consent to WhatsApp’s use of their information) using WhatsApp’s in-app ‘delete my account’ feature. When a user deletes his/her WhatsApp account, his/her undelivered messages are deleted from WhatsApp’s servers as well as any of the user’s other information WhatsApp no longer needs to operate and provide the WhatsApp services.
Decision of the High Court
Judgement passed by the high court of Delhi is that the contention of the Petitioners that the proposed change in the Privacy Policy of WhatsApp amounts to infringement of the Right to Privacy guaranteed under Article 21 of the Constitution of India. This cannot be a valid ground to grant the reliefs as prayed for since the legal position regarding the existence of the fundamental right to privacy is yet to be authoritatively decided.
Be that as it may, since the terms of service of “WhatsApp” are not traceable to any statute or statutory provisions, it appeared that the issue sought to be espoused in the present petition is not amenable to the writ jurisdiction under Article 226 of the Constitution of India.
However, the judgment directed that:
- the information/ data and details of non-existent members as of 25/09/2016 shall be deleted and,
- the information of existing members up to 25/09/2016 shall not be shared with the Facebook thereof.
- And directed the state and TRAI to make a regulatory framework for the working of such applications like WhatsApp at earliest.
Approach to Supreme Court
A Special Leave Petition was filed with the Supreme Court seeking the following issues to be considered by petitioners.
- whether the privacy policy infringes the right to privacy of its user groups,
- whether the failure of the user to share their data with Facebook is impermissible,
- whether the way in which Whatsapp obtains user assent is misleading, and
- the Internet networking systems that allow users to share text/audio/video messages, data and render audio/video calls constitute ‘telecommunication’ systems and are subject to regulation by the competent authorities?
On 17th March 2017, facebook duly filed the affidavit stating the following reasons as to why the petition is not maintainable against them-
- Users have willingly signed agreements, which is therefore a consensual contract.
- Facebook and WhatsApp are private entities and are thus not subject to the jurisdiction of the High Court. Consequently, this Special Leave Petition is therefore not preserved as it is the product of that writ petition only.
- WhatsApp assures the confidentiality of messages with the support of “End to End Encryption” and hence neither Facebook nor WhatsApp has access to information.
- Facebook India online service private limited contended that they only provide marketing and technical support to the main office of Facebook Ireland limited hence the petition is not maintainable against them.
On 20th March 2017 Department of Technological advancement also filed the affidavit and stated the reason as to why the petition is not maintainable against them.
- Telecom Service Providers do not have authority, rights and obligations for the functionality of over-the-top services (OTT) (services that are available on the internet and run on telecommunications operators, e.g. WhatsApp).
- TRAI has indeed issued a policy document on OTT regulation and has yet to publish its suggestions to the Department of Telecommunications.
Other arguments by Petitioner-
- The writ is to seek relief from the state hence the writ is maintainable under the jurisdiction of the supreme court.
- Right to privacy can be applied even against the non-state entities.
- WhatsApp’s ‘take it or leave it’ contract violates Article 19(1)(a) as informed consent is a facet of Article 19(1)(a).
Other arguments by respondents-
- Respondents argued that it was made clear in the policy that it could be modified if a takeover occurred.
- Counsel, on behalf of the Government, noted that data protection legislation can only be brought forward after a report by the Committee of Experts on the data protection framework for India has been discussed.
Present situation
The decision on the petition is still underway and, with a clear acknowledgement of the fundamental right to privacy, it is anticipated to be a testing ground as to whether the implementation of that right is intersecting. More explicitly, it is likely to be a predictor of whether the positive responsibility of the State is exhausted or at least legally satisfied with the implementation of the Data Law on Protection.
While the court has denied immediate relief, it has asked WhatsApp, Twitter and Google to submit responses relating to their policies on disclosure of information to third parties.
Conclusion
In conclusion, the Supreme Court has been careful to ensure that the contours of informational privacy are established while leaving the drafting to the legislature. In fact, the data security lawsuits brought since the judgment have exposed some of the most significant shortcomings of the new data protection system. With a verdict of the Supreme Court on such cases and laws devoted exclusively to data security, it can be expected that India can make significant progress in data safety.
References
- Data protection analysis: https://indiacorplaw.in/2018/10/data-protection-part-1-introduction-background-critical-analysis.html
- Exploring constitutional morality and data privacy: http://docs.manupatra.in/newsline/a rticles/Upload/ABEF2850-B7AE-4394-8A28-16D92F56C14D.pdf
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: