Image Source: MessengerPeople
The WhatsApp Privacy Policy Update (“2021 update”) released in January this year has been making many headlines consistently ever since. The said update took effect on May 15th. WhatsApp has explained that in order for users to have access to the functionality of the app, they have to accept the new terms. WhatsApp has started sending reminders to accept the new policy with the 2021 update, and after a few weeks, the company will disable some of the features for those who don’t accept the update.
As explained in our earlier article on CCI’s investigation of the 2021 update, this new policy gives WhatsApp the right to share user data such as phone number, IP address and payment related data on the app with Facebook and other Facebook owned companies like Instagram. Data including messages generated from customer-business interaction on WhatsApp will also be used by Facebook to advertise to the said customer on Facebook. The 2021 update has also been scrutinized by the Competition Commission of India under the lens of antitrust law. The Delhi High Court has refused to set aside the CCI order which directed a probe into the 2021 update for being allegedly anti-competitive.
In an affidavit filed before the Delhi High Court in the case of Seema Singh v. Union of India, WhatsApp submitted that the 2021 update gives its users the liberty to either accept the 2021 update or choose not to do so, and stop using the messaging platform. WhatsApp also noted that users have the option to delete their WhatsApp accounts as and when they want. Naming private companies such as Google, Microsoft, Zoom, Zomato, Republic World, Ola Cabs, True caller, Big Basket, Koo, and public companies such as Aarogya Setu, Bhim, Air India, Sandes, Government e-Marketplace (GeM) and Indian Railway Catering and Tourism Corporation (IRCTC), WhatsApp claimed that though these companies had similar privacy policies to the 2021 update, they were allowed to retain their right to collect their users’ data.
In its counter-affidavit filed in the above-mentioned case, the central government asserted that until the Personal Data Protection Bill, 2019 was passed, the Information Technology Act, 2000 and the rules made thereunder would constitute the Indian data protection regime. Based on the above assertion, it claimed that the 2021 update is violative of the data protection laws in India. It further stated that the failure of the 2021 update to distinguish between personal data and sensitive personal data was problematic. Contending that the 2021 update violated the IT Rules 2011, the central government urged the Delhi High Court to restrain WhatsApp from implementing the 2021 update.
On May 18th, the Ministry of Electronics and Information Technology (“Ministry”) sent a notice to WhatsApp asking it to withdraw the new privacy policy. It observed that mere deferral by WhatsApp of the last date to accept the updated terms beyond its deadline of May 15 did not absolve it from respecting informational privacy, data security and user choice for Indian users. The Ministry officials said that WhatsApp may face legal action in India by May 25 if it does not send a satisfactory reply to the said notice. This is the second communication by the Ministry to WhatsApp asking to withdraw its controversial privacy policy. In January, the Ministry had written a letter to Will Cathcart, the global Chief Executive Officer of the instant messaging platform, asking that the latest privacy and policy update be withdrawn.
Some are deliberating that the Ministry’s notice to WhatsApp may also be challenged before courts. It will be interesting to see the outcome of this highly debated 2021 update.
Reported by Melita Tessy, Researcher at IntellecTech Law
[ORIGINALLY POSTED ON MAY 22, 2021]
Comments