WhatsApp New Privacy Policy: Is there a Privacy Concern?

WhatsApp, owned by the social media giant, Facebook, recently announced a change in their privacy policy causing havoc. WhatsApp has approximately 2 billion users worldwide, and a tremendous chunk of those are from India. As of 2021, WhatsApp’s business in India spanned over 459 million monthly active users[1]. WhatsApp’s user base is so large in India, that there is a huge difference of 241 million+ users between India and their second largest users, Brazil[2]

These changes will be applicable from February 8th, 2021 and users must agree to them if they wish to continue using the App. If not, the services will be terminated. With the consumers being aware and sensitive about their privacy, WhatsApp is at the risk of losing their major business. What is causing even more annoyance is that this new policy doesn’t apply to the European Region[3].

WhatsApp’s New Policy:

Integration:

Facebook’s lead, Mark Zuckerberg announced in October 2020 that the Giant is working towards integrating all their services across Facebook such as Messenger, Instagram and WhatsApp. Instagram and Messenger have already been integrated[4]. The new policy also explains how Facebook has introduced business options through WhatsApp and is also rolling out Payment options. This new policy raises large privacy concerns due to the way Facebook plans on handling this data. Further, an antitrust case is going on in the US Federal Court against its monopolistic concerns and asks to delink its services such as Instagram and WhatsApp from their main, Facebook. The company may be hoping to show the entire integration as a done deal in this case.

Effect on Users:

Now, how does the integration affect us? Being users of the services offered by Facebook, it is obvious that their servers hold data and information about us. Simplifying the scenario, the current information is held in two boxes separately- one of WhatsApp, and the other of Instagram. Now, if these boxes were to integrate into one, there would be a lot more information in them together, as opposed to them being separate. The combined box would know all your data from the two different services. Thus, it would be able to learn more about you. For example, it will be able to identify phone numbers associated with different accounts which may be saved or used with another name or number. It may also be able to tie accurate location deriving it from interchanging app data. Facebook will be able to compare contacts and interactions on WhatsApp, shared locations and even payment details when one uses WhatsApp transaction services. Thus, your privacy is directly impacted.

New Policy- Data Stored:

The data includes information such as user-interactions, time, frequency and duration of activity, features used such as messaging, status, groups, payment and business options, profile photos, and “about” information. It will also store information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (phone number, mobile operator), language and time zone, device information. Regarding third party services, the policy states:

When you or others use third-party services or other Facebook Company Products that are integrated with our Services, those third-party services may receive information about what you or others share with them. For example, if you use a data backup service integrated with our Services (like iCloud or Google Drive), they will receive information you share with them, such as your WhatsApp messages. If you interact with a third-party service or another Facebook Company Product linked through our Services, such as when you use the in-app player to play content from a third-party platform, information about you, like your IP address and the fact that you are a WhatsApp user, may be provided to such third party or Facebook Company Product.[5]

This is a worry because that is a lot of information being revealed. It is worrying as Indians use WhatsApp for everything. From personal interactions to school, college, offices, society/community and welfare groups all use the app to share everything. So Facebook will know everything, from the links you share to addresses, photos, minor information etc.

Also Read

End-to-End Encryption:

WhatsApp currently has something called ‘End-to-End Encryption.’ Encryption is the process by which a piece of information is scrambled and randomized using a mathematical formula such that it could be deciphered only by the device it is meant for. In simpler words, messages sent through the app are only visible to the sender and the receiver[6]. However, there have been incidents of leaks in the past that question its privacy and security. With these developments with their privacy policy, this data sharing expansion has a larger risk of leakage of private data.

Liability in case of Privacy Breaches:

While on one hand, Facebook commenced the integration of data sharing across the platforms, on the other hand, it claims no liability in case of unlawful activity or privacy breaches. The Ministry of Electronics and Information Technology (MEITY) is taking a close look at this new policy. Intermediaries are those that do not own content and are mere platforms where third-party entities place content. This status prevents liability in case anything unlawful is noticed on the platforms. If there is something problematic placed by these intermediaries, the government can direct them to remove such consent; if the same is not done, then the government can take action against it.

However, Facebook states that it is the owner of all services under them and hence can be safely not considered as an intermediary. Thus, it may lose the immunity it has concerning any objectionable content found on its platform at any given point of time[7].

European Union’s Immunity:

While WhatsApp’s new policy has severely impacted India, the European Union stands immune to it. The first sentence in the updated policy itself states that the new policy is for people living outside the European Union. This is due to the data protection laws in place in the region. WhatsApp is legally bound NOT to share data of persons under the Union with Facebook as it goes against their General Data Protection Regulation (GDPR)[8]. This GDPR is a very important regulation, standing as a strong international example for other nations. This regulation was passed in 2018 and regulates companies to protect citizen’s personal data. Companies that fail to comply face severe fines and penalties.

Some important provisions include right to erasure, wherein subjects may direct the controller to completely erase their personal data under certain circumstances. It requires companies to place pertinent policies to protect the citizens’ data. Further, the provisions against data breach are strict and time-bound. This means that not only will the breaches be detected quicker; they will be dealt with faster. This places citizens’ right to privacy at the highest[9].

India & Privacy:

In this ramble, an important conversation may be lost: India’s Data Protection Laws. Currently, India does not have in place any laws enacted primarily for data protection. Maybe if India had stronger personal data protection mechanisms in place, like those of the EU, the action from Facebook could not have been possible.

In a recent landmark case, K.S Puttaswamy (Retd) & Anr Vs  Union of India and Ors,[10] it was held that Right to Privacy was read into the Fundamental Rights, specifically under Articles 14, 19 and 21 of the Indian Constitution, apart from certain reasonable restrictions. Apart from this, the Constitution does not specifically grant for privacy.

The only regulation in place is the Information Technology Act, 2000[11] and its corresponding IT Rules[12]. The IT Act deals with the issues relating to the payment of compensation and punishment in case of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data.

Section 43A of the Act is relevant in this discussion. It states, “A body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected.” There is no specified compensation that can be rewarded to the affected party.

However, this is not enough. To tackle the privacy concerns raised currently, India needs a fresh, updated data protection policy. This is one reason why Indian citizens have become vulnerable.

Personal Data Protection Bill[13]:

The Personal Data Protection Bill was introduced in the parliament in 2019. The Bill seeks to protect personal data of individuals, create a framework for processing it, and establish an Authority for the purpose. The bill provides for various rights, some of them similar to the EU’s GDPR. It aims to put curbs on the transfer of personal data outside the country and this may come in conflict with WhatsApp’s new privacy policy.

The Bill regulates personal data, its processing, collection and storage. It governs the processing of personal data by the government and companies incorporated in India as well as foreign companies, if they deal with personal data of individuals in India. It also grants rights such as data portability, correction and erasure, and the right to be forgotten. It provides for transparency and accountability measures[14].

A Road Forward:

Many eminent people around the world have voiced their concerns over the new policy situation. Elon Musk, SpaceX CEO and business magnate, recently simply tweeting[15] stated, “Use Signal”, definitely added a boost to a large migration of users from WhatsApp. This is also the first time WhatsApp is seeing such a large reduction in user numbers.

Signal is a messaging software, similar to WhatsApp, having the end-to-end encryption model. It was designed by the ex-co founder of WhatsApp, Brian Acton and current CEO Moxie Marlinspike. Acton who WhatsApp in 2017 and funded Signal[16]. It seems to be safer compared to the developments by WhatsApp.

WhatsApp seems to be caught in a disadvantageous situation with its current move. Unless it decides to revert its decision, one can choose to exit the app or move forward with it. In case one decides to keep using it, one must make sure not to share private/ personal data and use it for casual conversations; with caution. Concerned over the growing public outcry, Facebook has also called a meeting of its India Client Council to discuss the matter. However, since the situation, it has always reiterated the safety of the app saying that both WhatsApp and Facebook cannot access private messages or calls. “WhatsApp cannot see your private messages or hear your calls, and neither can Facebook: every private message, photo, video, voice message, and document you send your friends, family, and co-workers in one-on-one or group chats are protected by end-to-end encryption. It stays between you [17].

Read, Understand, Ask, and then choose. Only one question then remains: How far are you willing to risk your privacy?

Author:

Sai Kulkarni
Intern at Law Trend


[1] techcrunch.com: 20 21.01.11: YouTube and WhatsApp inch closer to half a billion users in India

[2] https://www.statista.com/countries-with-the-most-facebook-users

[3] The Hindu Business Line: WhatsApp’s New Privacy Policy: Yet another reason why India needs data protection law

[4] Business Standard: WhatsApp’s new privacy policy: what changes and why it’s a worry

[5] https://www.whatsapp.com/legal/updates/privacy-policy/?lang=en

[6] The Business Standard: Understanding WhatsApp and its end-to-end encryption for privacy

[7] https://www.financialexpress.com/industry/technology/data-privacy-concern-over-whatsapps-new-policy/2167935/

[8] Ibid 3

[9] digitalguardian.com/what-is-gdpr-understanding-and-complying-gdpr-data-protection

[10] K.S Puttaswamy (Retd) & Anr  Vs  Union of India and Ors (WP (C) 494/2012)

[11] https://www.indiacode.nic.in/bitstream/123456789/1999/3/A2000-21.pdf

[12] https://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf

[13] http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf

[14] https://www.prsindia.org/theprsblog/personal-data-protection-bill-2019-all-you-need-know

[15] https://twitter.com/elonmusk/status/1347165127036977153

[16] businesstoday.in:signal-app-vs-whatsapp-key-features-all-you-need-to-know

[17] exchange4media.com/digital-news/whatsapp-in-a-catch-22-situation-over-the-new-privacy-policy

Law Trend
Law Trendhttps://lawtrend.in/
Legal News Website Providing Latest Judgments of Supreme Court and High Court

Related Articles

Latest Articles