This article has been written by Divya Dwivedi, pursuing the Diploma Programme in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho.
There have been many movies, but “The Social Dilemma” which is an American docudrama released in 2020 (a must watch) that examines the serious issue of social media’s effect over mental health (including the issues related to rising teen suicides and mental health of adolescents). This docudrama primarily explains more social media platforms and big tech companies and how they have been instrumental in providing positive change in the society and alongside it also notes that such platforms have caused issues that when not addressed properly affect the society at large, and has political and cultural consequences as well.
How is the information shared by Users being used by WhatsApp?
WhatsApp uses information provided by the user (it is subject to the choices an individual makes and also about the applicable law) in order to provide, operate, understand, improve, customize, support, and market their Services.
It uses the information to operate and provide the services, which include customer support systems; help in purchases or transactions while improving, fixing, and also customizing their Services; and connecting those Services with Facebook Company Products that users may use. The company also uses the information to understand how people use the messenger services; evaluate and improve services accordingly; and also, to do research, develop, as well as test the new services along with new features; it also conducts proper troubleshooting activities. They also use customer information to respond when users contact the company.
The company uses the information for verification of the accounts and activities; used to combat harmful conduct by any entity; it also protects the users against the bad experiences and spam that they may see while using the application; and it promote safety with security and integrity on and off the services, such as by investigating suspicious activity or violations of the company’s terms and policies, and to ensure that the services are being used legally.
Business Interactions enables the user and the third party, for example, businesses, in communicating and interacting with each other by the proper use of the said services, such as Catalogs for businesses on WhatsApp through which one can browse products and services and place orders.
What is Third-party information?
While talking in terms of Commerce, a “third-party source” means a supplier or a service provider who is not directly controlled by the seller, the first party or the customer/buyer, the second party when checking the business transaction. It is considered that the third party is independent from all others, even if he/she is being hired by them itself, as all control is already vested in that connection.
In terms of understanding with regard to Information Technology, a “third-party source” will be a supplier of a computer accessory or software for that matter who is independent of the supplier and the customer of the major computer product or products.
To understand the term in relation to E-commerce, “third-party source” explains that it is a seller who publishes the said product in a marketplace, or without this marketplace to own or to physically carry on those products. When an order is placed, the third-party seller has the item and fulfils it requirement. According to WhatsApp, it is fully encrypted, but that does not mean it cannot be hacked. For example, the individual may choose to use the third-party data backup services (for example – iCloud or Google Drive) which are integrated with the services by the provider or it also interacts with the share button over the third party’s website which enables the individual to send the information on to other individuals WhatsApp contacts.
WhatsApp works along with the third-party service providers and also with the other Facebook Companies in order to help them provide, operate, understand, customize, improve, support, and also do the marketing of the services. Please do note that when the individual uses these third-party services or Facebook Company Products, it is their own terms and privacy policies that will govern the individual’s use of those services and products.
Are user’s privacy rights protected? And how will it affect global business?
A report by an internet security researcher has recently claimed about the application that more than 1,700 private WhatsApp group links were made visible on Google via web search. WhatsApp has clarified that if the users choose to utilise the services like “Shops” (Facebook-branded commerce feature), then their shopping activity may be used by the application to personalise the user’s experience and there can be individual target ads be seen on Facebook and Instagram. Claims that these features are optional.
Many business leaders like Elon Musk (he is now the richest person in the world, so he must be right about something, it seems), Paytm founder Vijay Shekhar Sharma, Mahindra Group Chairman Anand Mahindra and very recently PhonePe CEO Sameer Nigam have already spoken about moving to rival platforms.
Presence of WhatsApp Globally
The top 10 list of countries with the highest number of users in 2019:
- India – 340 million
- Brazil – 99 million
- United States – 68 million
- Indonesia – 60 million
- Mexico – 57 million
- Russia – 54 million
- Germany – 44 million
- Italy – 33 million
- Spain – 30 million
- United Kingdom – 27.6 million.
Existing Laws in the top 10 Countries
According to the UNCTAD (United Nations Conference on Trade and Development) website, 66% countries are equipped with Data Protection and Privacy Legislation, one of them is India that has the Information Technology Act, 2000. And, 10% of the countries have Draft Legislation as well, with 19% countries having no Legislation and the remaining 5% countries information is not available.
India – Basically, India does not have any special legislation for Privacy and Data Protection yet. It has a mix of a couple of legislations to take care of the problem. Currently, Information Technology Act (No. 21 of 2000) in combination with other suitable legislation are used for targeting the issues related to Data Privacy. India is trying to spearhead the problem by bringing in a comprehensive legislation called Indian Personal Data Protection Bill, 2018, which is currently being discussed and several amendments have been suggested to it.
Brazil – A patchwork has been tried by combining several individual legislations and frameworks together. While Brazil’s Consumer Protection Code 1990 targets the topics of collection of data, storage of the said data, processing of data and usage of the personal data, the Brazilian Internet Act 2014 regulates all the details regarding privacy and personal data online.
United States of America – The US mostly relies on a compilation of legislation, regulations being imposed by law and also by means of self-regulation. Almost 20 industry-specific laws are in place at the national level, while there are more than 100 individual state-specific Privacy Laws. Of all the states, the most vigilant is California as it has more than 25 Privacy Laws in place to govern. California Consumer Privacy Act (CCPA) governs privacy rights by giving residents four most important rights, namely, right to notice, right to opt-in or opt out of any service, right to equal services provided by the entity and right to access.
If an organization is collecting personal data whether the place of business is in California or not, they have to comply with CCPA. Pertinent privacy laws include the Privacy Protection Act 1980, the Privacy Act 1974, the Health Insurance Portability, Accountability Act 1996, the Gramm-Leach-Bliley Act 1999 and Fair Credit Reporting Act 2018.
The USA also enjoys power with a special “privacy shield” agreement that it has with both the EU and Switzerland.
Indonesia – Indonesia has tried to piece together the Data Privacy law by combining the Electronic Information and Transactions (EIT) Law (2008) along with the Amendment No. 19 of 2016 and Regulation No. 82 of 2012 along with the Regulation No. 20 of 2016 (the MOCI Regulation). The country is at present trying to put together a draft Bill that is mostly inspired by the provisions of the European Union Law.
Mexico – There is a Federal Law that governs the Processing of Personal Data with regard to a private entity called Private Properties 2010. In it, the word “processing” is defined to include collection, disclosure, usage, access, storage, disposal of data, transfer of data as well as management of data. The private sector is also in a way controlled by other legislations in Mexico, including the Privacy Notice Guidelines 2013, the Protection of Personal Data held by Private Parties 2011 and also the Parameters for Self-Regulation 2014. The Federal Institute for Access to Information and Data Protection (IFAI) is also assigned with the duty to take care of enforcement in Mexico.
Russia – Primarily, through Federal Law on Personal Data 2006 (Act No. 152 FZ) and Information Technologies and Information Protection Act 2006, Russia enforces the processing and collection of personal data. There are also a number of sector-specific and general laws in place to take care of the matters related to Data protection, like the Russian Air Code 1997, Russian Labor Code 2001 and Articles 23-24 in the Russian Constitution of 1993. Any law related to Data protection applies to all the entities that organize, process, determine the purpose of data collection and content of data that is related to the operations.
Germany – Germany is the best example to follow when it comes to Data Privacy laws. It adheres to all the GDPR obligations to the core. The country has Federal Data Protection Act, 2017 (called BDSG) for taking care of the personal data collectors and processors. The law includes subject rights, informed consent, transfer of personal data, among many more things.
Italy – Though the Constitution of Italy does not have any specific provision for Right to Privacy, but after 1973 they included it in the Constitutional Court after which it was added by the Court of Cassation almost two years later. In the primitive stages, the right to privacy protected the person’s private life as well as a domicile. Later, as and when technology evolved, this right was also extended to protect the ability of Individuals through which they could decide for themselves about the kind of information being collected or how that information was to be used. In 1996, the first law came into existence to deal with the privacy issue, but it was later repealed in the year 2003 by Codice in Materia di Protezione dei Dati Personali (Personal Data Protection Code). It included almost all the principles of EU Directive that were related to Data Protection and Directive on privacy and Electronic Communications. This Code in express manner recognizes Right to Personal Data Protection.
Spain – On December 6, 2018, the Official Gazette of Spain published the Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights. The date of the publication of the law is significant as the Constitution Day marks the anniversary of a referendum held in Spain on December 6, 1978. There are five key issues: The object of the law, data subject rights, the data protection officer, the processing of personal data by political parties, and digital rights in the labour field.
United Kingdom – The Data Protection Act, 2018 is the one that incorporates the EU GDPR as supplementary provision for the UK. It focuses significantly on the Data Subject Rights, Data Protection Fees, Offences related to Data Protection, Consent from Children, Special Category Personal Data and enforcement. Since March 29, 2019, the UK is not a member state of the EU. However, the UK has not cleared the doubt about changing the Data Privacy Laws.
Is accepting the policy the only option for Users?
There will be a requirement to give the consent by the user so that Facebook can access their data, it will also include the phone numbers and other related information about how the user virtually interacts with others for continuous use of the application. In essence, all it means is that it will be possible for Facebook to access the account information which will include the phone number of the user, any information on how the interaction with other users take place, along with the data related to the logs how long the individual is using WhatsApp and also how often this process takes place between the said parties.
Any other kind of data which will be shared with Facebook will include the IP address of the user along with the browsing details then what language the user is using and the time zone the user is present.
The update, that is supposed to be released on February 8 will affect millions of WhatsApp users all over the globe except Europe and the UK (keeping in mind that Facebook has to follow the strict laws that are in place in European Union and UK). Addressing the concerns of the users’ over the privacy issue, WhatsApp head Will Cathcart tried to clarify that the update will affect the business communication only and not the private ones.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: