Whatsapp and Violation of Privacy | 02 Feb 2021

Why in News?

  • Whatsapp, one of the most popular messaging apps, has updated its privacy policy and has asked its users to accept the new terms and conditions by 8 February, 2021
  • The new policy has come into discussion on the issue of how user data is impacted given its integration with another social media major Facebook, which also happens to be WhatsApp’s parent company.

Key Points

  • There has been a huge concern over the new privacy policy due to a large population dependent on the app for various purposes of information sharing, entertainment etc.
  • On the raising concerns, Whatsapp has responded “The update does not change WhatsApp’s data sharing practices with Facebook and does not impact how people communicate privately with friends or family WhatsApp remains deeply committed to protecting people’s privacy.”
  • This is a forced consent taken from the users as it does not leave them with much of a choice.
    • Those who do not accept the updated policy, will no longer be able to access the chats on the messaging platform.
  • Besides breaching users’ privacy, the policy is also discriminatory as it is not applicable to the United Kingdom and the European Union but must be accepted by the rest of the world.

Features of the Policy

  • It requires users to consent to sharing transaction data, mobile device information, IP address, and data on how they interact with businesses with Facebook group companies.
  • The policy allows WhatsApp and Facebook to share user information with businesses and third-party service providers that transact on these platforms.
  • Besides the technical front, even on the analytics front the consent has been asked to share details such as the login details and the locational details.
  • WhatsApp’s end-to-end encryption clause still remains intact, but this only ensures that it won’t be able to see or share the users’ messages.
  • With the updated privacy policy, WhatsApp can now share one’s metadata - which is essentially everything beyond just the textual conversation - with Facebook and other apps coming under the parent company.
    • Metadata is data of the data, provides description and context of the data and helps to organize and understand it.

Whatsapp and India

  • Whatsapp is the most popular messaging platform in India, owned by Facebook since February, 2014.
  • India accounts for 400 million of the total 2 billion WhatsApp users and 310 million users on Facebook globally.
  • Also, India is the first country for WhatsApp to launch payment services.
    • It has received permission from Indian regulators to go live with 20 million users so far.
  • Despite such a wide user base, India has been asked for a forced consent only because India is in a dearth of a stringent data protection law.

Issues with Social Media Platforms

  • Almost 75% of cyber crimes such as child sexual abuse, terrorist radicalisation or financial crime or disturbance of law and order with fake news, start with either phishing or social engineering attack through these messaging apps or social media.
    • Social engineering is manipulating people in order to obtain confidential information such as usually tricking an individual into sharing crucial information such as passwords or bank information, or accessing a computer to secretly install malicious software.
  • Countries such as the US have provided a safe harbour to these social media service providers via section 230 (c) of its Communications Decency Act, 1996.
    • Such actions often make these platforms a breeding ground of crimes.
    • Besides, it also makes a country’s sovereignty a subject to the company’s policy which is a great anomaly.
  • There are encrypted messages that nobody else can access.
    • Encryption is beneficial but it is more about how a tool is utilised than just about a tool.
    • Encryption is used to perpetuate crimes, and in such cases, it is very difficult to obtain any evidence.

Data Protection in India and Other Countries

  • 128 out of 194 countries had put in place legislation to secure the protection of data and privacy.
    • Africa and Asia show a similar level of adoption with 55% of countries having adopted such legislations from which 23 are least developed countries.
  • India: Although the Puttaswamy Judgment talks for privacy as a fundamental right, India for real, does not have a strict law or any specific provisions for the protection of an individual’s data.
  • Russia: The Russian Federation has separate legislations regarding Electronic Transactions and draft legislations for Consumer Protection as well as Privacy and Data Protection.
    • The key legislation is Federal Law No. 15-FZ on Personal Data 2006 (the Personal Data Law), which is supplemented by numerous additional laws, regulations and guidelines.
    • The combination of a number of Russian laws provides comprehensive privacy protection across all sectors
  • European Union: 43 countries in the European Union (out of 45) have legislation specifically for data protection.
    • WhatsApp is legally bound to not share data with Facebook in the European Region because it’s a contravention of the provisions of the General Data Protection Regulation (GDPR).
      • GDPR is a regulation in the European Union law on data protection and privacy in the European Union and the European Economic Area.
  • United Kingdom: The UK has separate laws for electronic transactions, consumer protection, privacy & data protection and cybercrimes.
    • In 2018, the UK's Information Commissioner’s Office (ICO) got WhatsApp to sign an undertaking in which it has committed publicly not to share personal data with Facebook in the future until the two services can do it in a way that is compliant with GDPR.
  • USA: The US has sector specific data protection laws and regulations that work together with state-level legislation to safeguard American citizens’ data such as Federal Information Security Management Act (FISMA), NIST 800-171 etc.
  • Australia: The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals.

Way Forward

  • Implementation of the PDP Bill: It has been enough time since the debates on the PDP Bill have been going on, now is the high time for its implementation.
    • Absence of a rigid law means that there is no relief that a user can get in case of a breach or misuse of data.
  • Prioritising the privacy: With shifting towards digitisation in education, entertainment, banking and almost everything, it is time now that people understand that privacy is very crucial and shall not be compromised at any cost. The way forward is more user-privacy-centered apps.
  • India’s Own Apps: India shall develop its own digital sovereignty and its own Apps.
    • The Apps would agree to the nine privacy principles as mentioned in the AP Shah committee.
    • The committee recommended an overarching law to protect privacy and personal data in the private and public spheres.
      • It talks about accountability, notice, consent, limitation of collection, limitation of use, access and corrections and safeguards.
  • Uninstalling the App is not a Solution: Deleting the App does not do it all, the data that already exists, stays with the company and will still be shared among the other Apps.
    • The governments of various nations have to respond to these kinds of discriminations and make sure that if there are any such policies, it should either be for all or for none.


  • The privacy policy of Whatsapp must be a contract between the company and its users where the latter must be allowed with the rights to preserve its privacy.
    • The confidentiality of the information of the users that must be maintained, is clearly being violated by Whatsapp’s new policy.
  • India is in dire need of a law that protects the sensitive information of its citizens and also prevents them from being exploited by any such organisation.
    • India is a country with a database of 400 million users whose privacy cannot be accepted if breached.
  • The discriminatory policy of Whatsapp calls for India to make provisions that assert its intolerance towards any sort of discrepancies and that India prefers a more equitable approach.

MeitY’s letter to Whatsapp

  • The Union Ministry of Electronics and Information Technology (MeitY) has sent a strongly worded letter to the CEO of WhatsApp, asking the company to withdraw its unilateral privacy policy changes calling them unfair and unacceptable.
    • In its letter, MeitY has said the terms of service and the proposed privacy policy are an ‘all-or-nothing’ approach, which take away any meaningful choice from Indian users.
  • MeitY has also raised objections to the differential treatment accorded by WhatsApp to its users in India compared with those in the European Union.
  • WhatsApp’s new privacy policy was to be implemented from February 8 but has been put on hold till May 15 due to user backlash; the policy aims to share commercial user data with parent company Facebook.
    • The ministry has sought details about exact categories of data that WhatsApp will collect from Indian users.
    • The App has also been asked to provide details about the difference between its privacy policies in India and other countries.