Image source: https://blog.ipleaders.in/new-rules-privacy-whatsapp-users/

This article has been written by Sukeshi Singh pursuing a Diploma in Merger and Acquisitions (PE and VC transactions) from LawSikho.

Introduction to the controversy

WhatsApp had originally planned to make its privacy policy applicable across the platform by February 8, 2021. However, it faced a strong public outrage that even helped promote competitors like Signal and Telegram. This outrage along with several warnings from the Ministry of Electronics and Information Technology (“Meity” or “Ministry”), eventually delayed the implementation of WhatsApp’s new privacy policy until May 15, 2021.

The new WhatsApp policy update (“policy”)

Since the announcement of its updated privacy policy, which did not sit well with the users, WhatsApp has announced that the update is primarily meant for businesses using its messaging platform through the WhatsApp business app. WhatsApp had clarified that the updated Policy would not impact the private conversations/ interactions between family and friends on the platform. The company also specified in a blog post that it would continue to provide end-to-end encryption for private messages, and it did not keep logs of its users’ messaging and calling.WhatsApp’s official statement shared by The Verge has been produced below:

“While most people use WhatsApp to chat with friends and family, increasingly people are reaching out to businesses as well. To further increase transparency, we updated the privacy policy to describe that going forward businesses can choose to receive secure hosting services from our parent company Facebook to help manage their communications with their customers on WhatsApp. Though of course, it remains up to the user whether or not they want to message with a business on WhatsApp.The update does not change WhatsApp’s data-sharing practices with Facebook and does not impact how people communicate privately with friends or family wherever they are in the world”  

Download Now

This detailed clarification from WhatsApp came soon after Elon Musk, now the richest person in the world had tweeted to the users to ‘use signal’. Please note that the secure hosting services being discussed here shall be provided by Facebook to the businesses which will facilitate the businesses to manage WhatsApp chats with their customers, answer questions, and send helpful information like purchase receipts. However, when a user communicates with such a business by phone, email, or WhatsApp, Facebook shall be privy to such information and may use such information for its own marketing purposes, which may include advertising on Facebook. Here, the users communicating with the businesses on WhatsApp using these services will not have an option to opt-out of such usage of information. Additionally, if a user on Facebook chooses to interact with a business on WhatsApp by clicking on the Facebook advertisement,  Facebook will be privy to such interaction and may use the information obtained thereinto personalize the user’s advertisement on Facebook.

The update raised a lot of concerns regarding WhatsApp sharing data with its parent company, Facebook. The same was clarified in  WhatsApp’s blog post stating that “This update does not expand our ability to share data with Facebook”. This was carefully worded as WhatsApp has been, in the past, sharing a lot of user data with Facebook, and therefore, this update was not essentially expanding the scope of data shared. 

Information shared with Facebook

The information actually shared with Facebook has been clarified by WhatsApp in its FAQs section. The information shared by WhatsApp with Facebook includes account registration information, like phone number, name, any transaction data, if the user is using WhatsApp Pay or Facebook Pay, all services- related information, information relating to the mobile device, IP  address of the user, information on how users interact with businesses that are using the hosting services and other information as may be identified in the privacy policy section of WhatsApp from time to time. 

Consequences for non-acceptance of the policy by the Users

On May 17, 2021, WhatsApp had announced that it will not delete the user account if the Policy is not accepted, which is opposite of the stance taken by the social media giant earlier, wherein it had expressed that after a certain time period if the user has not accepted the Policy, the account would be deactivated and later deleted. However, when this did not sit well with the users of the platform, WhatsApp changed its stance stating that the account will not be deleted but certain features on the account would be suspended for the time being, i.e., a user may not be able to access their WhatsApp chat list, but the app will be permitted to answer or make incoming voice and video calls.

Legal issues with the updated policy

From January 2021 till date, WhatsApp has received several warnings from Meity to withdraw the new policy update. According to Meity, the new privacy policy is “discriminatory”, “unfair” and “irresponsible”. The Ministry realized that the Policy Update was not enforced in European Union due to its strict General Data Protection Regulations (GDPR) and accused WhatsApp of discriminating between its Indian and European Users. WhatsApp users in Europe do not have to accept the new privacy policy. They could opt out of the changes without the fear of their WhatsApp account being deleted or features being restricted (a scenario that is not applicable for Indian users).

WhatsApp’s response to the Ministry 

Despite the threat of legal action by the Ministry, WhatsApp seems undeterred. After much persuasion and warnings of taking the legal route, WhatsApp announced that it will not limit features if a user does not accept the privacy policy. However, it stated that until the Personal Data Protection Bill, 2019 comes into force, it will abide by the present data protection law prevalent in India and keep reminding the users about the update from time to time. 

Ironically, just one day after this statement by WhatsApp. WhatsApp has now questioned the existence of the right to privacy under the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 by filing a petition in the Delhi High Court.

The information technology (intermediary guidelines and digital media ethics code) rules, 2021(“the rules”)

Introduction 

The Information Technology (Guidelines For Intermediaries And Digital Media Ethics Code) Rules, 2021 were notified by the Centre on February 25, 2021, and a 3 (three) month window was given to the social media intermediaries to comply with the Rules. The Rules impose a code of ethics on social media intermediaries and mandates a triple-tiered grievance redressal framework. The Rules also provide for 16 (sixteen) due-diligence measures to be adhered to by the social media intermediaries, which includes an obligation to not host, publish or store information that may be detrimental to the interest of public order, decency or morality, security of State, etc. The Rules also contains a clause which provides for criminal liability upon the employees for non-compliance of the Rules by the intermediaries, notwithstanding the safe harbor provision provided by Section 79 of the Information Technology Act, 2000, which states that the intermediary will not be liable for any third-party information, communication or data hosted by it, subject to exceptions. 

Constitutionality of Rule 4 (2)

The Rules have essentially been brought about to make the social media intermediary responsible for the content posted by its users. Rule 4 (2) of the said Rules states that a social media intermediary primarily engaged in providing services relating to messaging shall observe additional due diligence. The additional due diligence states that the social media intermediary engaged in providing messaging services shall provide/ enable the identification of the first originator of the information, as may be required by a judicial order passed by a court of competent jurisdiction or under Rule 69 of the Information Technology (Procedure and Safeguards for interception, monitoring, and decryption of information) Rules, 2009. 

This provision will be applicable only when the order is passed for the purposes of prevention, investigation, prosecution, or punishment of offenses relating to the sovereignty and integrity of India, the security of the State, friendly relations with foreign states, or public order, or of incitement to an offense relating to the above or in relation with rape, sexually explicit material or child sexual abuse material, punishable with imprisonment for a term of not less than five years.

According to WhatsApp, which qualifies as a social media intermediary under the Rules, requiring such tracing of the first originator would defeat the entire purpose of end-to-end encryption which is a significant feature of WhatsApp and will fundamentally undermine the right to privacy, which is a fundamental right as per the landmark judgment of Justice K.S Puttaswamy v. The Union of India. 

WhatsApp’s contentions against the Rules are as follows:

  1. WhatsApp pointed out that there are issues relating to the enforcement of this provision because to find out the first originator, services will have to go through the chats of many users which would subsequently lead to mass surveillance and is against the right to privacy.  
  2. Due to the general tendency of copy-pasting, it would be difficult to understand the original context of the many messages. 
  3. To implement this rule, WhatsApp will have to change its entire system and remove the concept of end-to-end encryption. End-to-end encryption is a measure to protect the privacy of the users, removing this would expose the platform to vulnerabilities and make the platform less secure. 

Also, in my opinion, mass surveillance will require substantial manpower which will be financially more burdensome for all platforms. The Rules are being opposed by another social media intermediary, Twitter, but for other reasons. Twitter in its statement released on May 28, 2021, on its platform, has expressed its concerns over a potential threat to freedom of speech and expression and intimidation tactics that may be used by police in response to enforcement of the new Rules. Twitter is opposing the Rules since the Rules give Government the power to demand takedown of any content deemed objectionable, but this dilutes Twitter’s identity of being a platform that welcomes all manner of political debate and government critics. 

Right to privacy judgment

In the case of K.S Puttaswamy v. the Union of India, it was decided that the right to privacy is a fundamental right. However, it was also held that this right, like other fundamental rights, is not absolute and is subject to exceptions. The text from the judgment has been produced below for reference: 

“Like the right to life and liberty, privacy is not absolute. The limitations which operate on the right to life and personal liberty would operate on the right to privacy. Any curtailment or deprivation of that right would have to take place under a regime of law. The procedure established by law must be fair, just, and reasonable. The law which provides for the curtailment of the right must also be subject to constitutional safeguards.”

It further states that there shall be no interference by a public authority with the exercise of the right to privacy except as is in accordance with the law and as is necessary for a democratic society in the interests of national security, public safety, or the economic well-being of the country and for the prevention of disorder or crime. However, it is pertinent to note that what constitutes national security or public safety or the parameters to decide the same has not been laid down in law and would be at the discretion of the Executive of this Country, thereby, giving extensive powers at the hands of the Government. 

References 

  1. https://twitter.com/Policy/status/1397818575906250754.
  2. https://www.livelaw.in/news-updates/three-months-window-for-social-media-platforms-to-comply-with-new-it-intermediary-rules-expires-today-174656.
  3. https://www.businessinsider.in/tech/apps/news/whatsapp-says-it-will-wait-for-the-indian-government-to-pass-the-personal-data-protection-law-before-limiting-features/articleshow/82931362.cms.
  4. https://www.thehindubusinessline.com/info-tech/whatsapps-new-privacy-policy-yet-another-reason-why-india-needs-data-protection-law/article33542521.ece.
  5. https://indianexpress.com/article/trending/trending-in-india/whatsapp-2021-privacy-policy-deadline-memes-7316309/.
  6. https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy/?lang=en.

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

LEAVE A REPLY

Please enter your comment!
Please enter your name here