WHATSAPP'S UPDATED PRIVACY POLICIES AND INDIA'S DATA PROTECTION LAWS - Truth and Youth
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
WHATSAPP’S UPDATED PRIVACY POLICIES
AND INDIA’S DATA PROTECTION LAWS
Posted on February 7, 2021
Categories: Cyber Law, Research Article
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 1Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
Author: Susan Joshy, a second year BLS LL.B. student at the
University of Mumbai.
ABSTRACT
The world today is a global village, connected and networked by the string, called “the
internet”. In this world where our activities, be it learning, working, shopping, networking
or communicating, is directly or indirectly connected with the internet. Data becomes the
kernel of this virtual sphere, and its protection poses to be of prime importance to the
user. With increasing digitalisation of the economy, data protection becomes even more
imperative. What happens when this data privacy is breached and data sold or misused by
an app used by billions across the globe? The recent update of WhatsApp’s privacy policy
has received contempt by users all around the world. This paper aims to study minutely
WhatsApp’s new set of privacy policies; how the user’s data could be used or misused and
how it tends to affect the user’s privacy. Also, would scrutinize its terms and set out
updates differently for Europe in comparison to the rest of the world, and the reason
behind this distinction. Further, this piece would look into data protection legislations,
through the Indian and global lens and their perspective regarding a person’s virtual
privacy. The main questions that this paper will try to answer is, whether WhatsApp is
really safe and how does WhatsApp tend to impugn a user’s data. It further studies the
alternatives to WhatsApp, suggestions, and guidelines and the need to protect one’s data.
INTRODUCTION
A technological world, a world where not having our smartphones in one hand while our
toothbrushes in the other, early in the morning, to anxiously and eagerly check on the
news, gossips and fun conversations we missed out during the 8-hour long nap we had,
would leave us a little restless. That is how ingrained WhatsApp is in our daily lives. In the
past few years WhatsApp has arguably become the most used, convenient and entertaining
instrument of networking. WhatsApp has been a loyal digital medium of connecting people
of varying age groups all around the world. However, this image of WhatsApp got
tarnished with the new policy set out. Users globally criticized the policies and even opted
for an alternate medium of instant messaging. What caused the huge outcry was the
raging rumour that “WhatsApp will now share all its data with its parent company,
Facebook”. “Facebook can now read all your chats and have access to everything you
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 2Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
share on WhatsApp”. Although, the former part of the news being true, it is just a fraction
of the whole truth and many baseless rumours stayed unclarified.
THE POLICIES AND THEIR PROBLEMS
To delve into the reality of the policy, one needs to look into how WhatsApp works,
generates revenue and its connection to the updated policies. WhatsApp began its venture
with the tagline “no ads, no games, no gimmicks'' and even today, after 10 years of
exhilarating popularity and growth in the mobile communication sector, stands proud of its
non-deviating principles and services. It boasts of being the same ad-free, game-free, only
messaging platform it used to be in its initial days. So, the question remains, how did it
make ends meet, or how did it generate revenue. The makers of the app Initially charged
its users a nominal subscription fee of $1, and additionally received funding from Sequoia
capital and few friends. However, things took a turn when Facebook acquired WhatsApp
for a sum of $19 billion. Post Facebook, an advertisement-based platform having acquired
an app collects millions of users’ data, had plans curated to gratify or even up the
expenses. FOW (Facebook owned WhatsApp) added a feature to it, which let users build
their business profiles and thus directly letting them contact, and serve their clients, and
garnered revenue from business profiles. With each update, WhatsApp had the sole
intention to improvise itself and thus in 2016, introduced the end-to-end encrypted
feature, which lets no third party, including WhatsApp, to read the messages, media or
anything shared via WhatsApp. Despite messages being encrypted, there is an element of
risk for the users who may send their sensitive or personal data to a business profile, not
being aware of the number of employees designated to read and respond to them.
However, after the new privacy policy, WhatsApp has admitted that it would share the
data collected by the users which includes information like the person’s name, contact
number, status, contact list and their profile pictures. However, these are data which a
user voluntarily gives, WhatsApp would also take information that isn’t given by the user,
like the phone model, IP address, server, network and so on. Not just it, WhatsApp also
agrees that it would now share all the collected data, not just with Facebook, but all
Facebook companies, which includes Instagram, Onavo, Beluga, etc. this would help
Facebook and connected third party apps to exploit and misuse a user’s data for
commercial gains, by selling them to other businesses who commercialize their services
according to the user’s needs. However, all these years WhatsApp did the same, but the
difference is that the users had an option to opt out of this data sharing feature, the new
policy leaves no scope for a disagreement. If users wish to continue using WhatsApp, they
need to submit to the rules.
However, there is one thing which most of the users overlooked, and that is, WhatsApp
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 3Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
elucidated that all the privacy policies, updated lately, would be impervious to the
European users. WhatsApp users in Europe still have the choice to opt out of the data
sharing feature of WhatsApp.
EUROPEAN DATA PROTECTION LAWS
The most pertinent question raised would be, that what makes WhatsApp draw distinctions
between the European regions and the rest of the world. The answer lies in the stringent
data protection legislations of the European regions. The foremost thing that is to be noted
is that the European commission bestows on its citizens, privacy and protection of privacy
as a fundamental right. The General Data Protection Regulation is a well-defined law
introduced in 2016 and implemented in 2018, applicable to all the European Union
countries framed with the object that no business or organization intrudes a citizen’s
privacy. The GDPR puts an obligation on all companies functioning in the EU, of
processing the data only through lawful and fair means and only after due consent, and
even after processing it, it requires businesses and sites to maintain transparency about
the data’s usage. It holds the data collector accountable and expects their policies to be
compliant with the GDPR. The GDPR makes provisions of hefty penalties which may
amount to 20 million euros. It puts an obligation on businesses and service providers to
collect only essential information which is absolutely necessary to provide services. The
GDPR also makes it a compulsion to limit the access to personal data to only those
employees in the business’ organization who need it. Thus, WhatsApp being aware of its
policies’ incompliance with the GDPR, permits the European users to continue usage
without agreeing to the new features.
FROM THE INDIAN EYE VIEW
The Indian constitution didn’t initially recognize privacy as a fundamental right. However,
in 2017, the supreme court laid the historic judgement in K.S. Puttuswamy vs the Union Of
India that the right to privacy is a fundamental right protected by the constitution which
streams from the right to life and liberty under the 21st article and from the freedom of
speech and expression under the 19th article. The judgment also declared informational
privacy to be a subset of the right to privacy. But Even after 2 decades of rapid
technological growth, Indian legislations have failed to frame a data protection regulation.
There are just a few defined legislations which look into a person’s data protection. The IT
act 2000 and a part of the Indian contract act 1872 are the only legislations that are
relevant to data protection. The section 43A of the (Indian) Information Technology Act,
2000 states that a corporate body who is possessing, dealing or handling any sensitive
personal data or information, and is negligent in implementing and maintaining reasonable
security practices resulting in wrongful loss or wrongful gain to any person, then such
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 4Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
corporate body may be held liable to pay damages to the affected person. Article 72A of
the same act, disclosure of information, knowingly and intentionally, without the consent
of the person concerned and in breach of the lawful contract has been also made
punishable. But again, these laws are almost unassailable to big platforms like WhatsApp
and Facebook. So clearly a lack of proper defined data protection legislature in the
country, leaves the users at the risk of data exploitation.
Importance of data protection
As mentioned above, India is in a phase of evolving into a digitally versed country. With
initiatives like digital India, every activity is deeply influenced by technology. With
technology influencing every facet of life around us, and the quantum of personal
information being shared online or offline, it has become essential to guard personal data.
Data protection has increased more than ever on the onset of the Chinese app bans. The
government of India put a ban on 118 Chinese apps under section 69A of the IT act 2000,
which permits the government to restrict any website, app or information site if it tends to
threaten sovereignty, integrity and public order of the nation. A comprehensive legislature
providing data security becomes the need of the hour. With the increase in user-generated
data and the exponential industrial value of data, it’s becoming vital for the government
bodies take necessary steps to protect the data rights of their citizens. However, there are
no rules that govern companies and industries who collect and store data, and no
provisions for consumers to complain against a breach in data.
Personal data protection bill 2019
However, an attempt has been to introduce data protection legislations to the country. The
data protection bill was introduced in the Lok Sabha in December 2019, by the information
and electronics minister Ravi Shankar Prasad which claims to protect the rights of the
Indian citizens. This bill segregates data into three parts namely, personal data, which
includes a person’s name, traits, characteristics through which people identify themselves;
personal sensitive data which includes a person’s biometric data, caste, tribe, sexual
orientation, political affiliations, etc, and lastly critical personal data which would include
anything that the central government considers critical. The bill further makes provision
for processing of data, only after having acquired the data principal’s consent. The bill also
provides for rights that can be exercised by a data principal such as the right to seek
information regarding the manner or processing activities undertaken by the data
fiduciary with respect to the personal data. The bill also gives an opportunity to the data
principal to correct and erasure any personal data. The bill also provides for the
establishment of a data protection authority, a body that would protect the interest of data
principals, prevent misuse of personal data, ensure compliance and promote awareness
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 5Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
regarding data protection. However, one section that goes unnoticed and could prove to
be lethal as the bill allows the central government to permit any government agency to
process the data principal’s data without their consent, if it proves to be necessary for the
sovereignty, integrity, security and public order of the country . This provision is left
poorly defined and thus it leaves a broad scope for misuse and breach of data, which
ironically violates the very purpose of this bill. This, though might shield data principals
from businesses and sites, they ultimately fall prey to the government’s unconsented
authority.
CONCLUSION
All these provisions discussed currently are incompetent and thus fail to actually secure a
user’s digital/informational privacy, from big platforms and the government itself. This
leaves the Indian users unshielded from such policies like that of WhatsApp. This event
especially calls for a rigid and ruled data protection laws which unfortunately hasn’t even
taken form in India. If asked whether WhatsApp’s new policy is safe or not, we could say,
that as long as there isn’t any shield from the government, it is unsafe. One data of minute
and unrecognized importance to the data principal, could be of great value to businesses.
We usually tend to overlook the importance of privacy of data, even when WhatsApp
published its new policies, I could be certain that most of us, blithely without even having
a glance at it, headed to hit the agree button, most of them realized the problem only after
it received a backlash. That is where the problem begins, citizens must, first take
vehement interest in matters regarding their digital safety and privacy. As per a report
published by Digital Empowerment Foundation in 2018, nearly 90% of Indian citizens are
digitally illiterate. This could change only with awareness. They must be made aware of
this virtual web and its importance in our daily lives, through schemes, workshops, rallies
or any effective medium. But as of now, WhatsApp has given it users a space for 8 month
to accept and think about their policies. WhatsApp has made ardent efforts to convey that
it is still reliable and the users shouldn’t switch to other apps. But with the above
explanation, what one could do is, switch to alternative messaging options. Telegram,
WeChat or Signal could be conveniently opted for.
References
1. Aashish Pahwa, How Does WhatsApp Make Money? WhatsApp’s Revenue Model, May
18, 2020, freedough, How Does WhatsApp Make Money? | WhatsApp's Revenue Model
(feedough.com)
2. GDPR.EU, What is GDPR, the EU’s new data protection law? - GDPR.eu
3. Vijay Pal Dalmia, India: Data Protection Laws In India - Everything You Must Know,
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 6Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
13th Dec 2017, MONDAQ, Data Protection Laws In India - Everything You Must Know -
Privacy - India (mondaq.com)
4. Poornima Advani, China app ban is not enough: Protecting the data of Indian citizens
needs a modern data privacy law, 17th October 2020, TOI, China app ban is not enough:
Protecting the data of Indian citizens needs a modern data privacy law (indiatimes.com)
5. THE PERSONAL DATA PROTECTION BILL, Section 11, Bill No. 373 of 2019, 2019
6. THE PERSONAL DATA PROTECTION BILL, section 17, Bill No. 373 of 2019, 2019
7. THE PERSONAL DATA PROTECTION BILL, section 41, Bill No. 373 of 2019, 2019
8. THE PERSONAL DATA PROTECTION BILL, section 35, Bill No. 373 of 2019, 2019
9. Sumeyesh Srivastava, International Literacy Day: Bridging India’s Digital Divide, 8th
September 2020, BLOOMBERG QUINT,
https://www.bloombergquint.com/technology/international-literacy-day-bridging-indias-digi
tal-divide
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 7Truth and Youth (TAY) Online Mag Journal WhatsApp’s Updated Privacy Policies and India’s Data Protection Laws
Voice of YOUTH https://truthandyouth.com/whatsapps-updated-privacy-policies-and-indias-data-protection-laws/
Copyright © Truth and Youth (TAY) Online Mag Journal 2021.
Page: 8You can also read
