WhatsApp Privacy Policy Controversy

‘All violations of essential privacy are brutalizing.’

-Katharine Fullerton Gerould

The advancement of technology around the globe highlights an imperative role of internet connectivity in public and private services of a nation which in turn promotes globalization. On the contrary, such massive integration acts as a huge threat to the privacy of an individual. The mega messaging service provider WhatsApp stands in debate on similar lines which has been discussed in this article.

  • WhatsApp controversy- A timeline

The internet messaging application WhatsApp which was taken over by Facebook in 2014, goes against its own affirmation given in 2010 when it was launched, of not changing its policy regarding sharing of data to a third party; by introducing a privacy policy in 2016, of apportioning metadata of its users to its parent company, Facebook[1]. The important fact to be noted is that this 2016 policy provided an option to its users of opting out certain level of data from being shared.

However, when the same was challenged as being violative of right to privacy, which is a subset of Article 21 of the Indian Constitution[2], the petition was rejected by the Delhi high Court with a partial relief. The reasoning for the same was that the landmark case[3] with respect to right to privacy was sub judice in the Supreme Court and therefore WhatsApp was given directions to delete the data both of the users as well as of those who deleted their accounts.

Later the petitioners sought to file a Special Leave Petition[4] to the Apex Court, against the order of the Delhi High Court. During the hearings of such petition, a special committee called Justice B.N. Sri Krishna Committee was constituted in order to examine the data protection laws of the country and to provide guidelines for the same. As a result of this action, the draft of The Personal Data Protection Bill was passed in the Parliament in 2019[5].

Now, in 2021 WhatsApp again changed its policy which essentially focuses on promoting advertisements and business again, by sharing of all the essential information of its users like IP address, Display photo, Status, Contacts etc., except personal messages which are protected under end-to-end encryption label[6].

This new policy was challenged in the case of Karmanya Singh Sareen v. Union of India[7] in 2021 wherein it was argued that the privacy protections in India are compromised as compared to those in the European Union; along with the infringement of right to privacy. The said case is presently, pending before the court.

  • Legal perspective

Article 21 of the Indian Constitution[8], guarantees the right to life and personal liberty to persons except according to the procedure established by law, and such law should be a valid law and the procedure to be followed must be just, fair and reasonable. Right to privacy is an important facet of Article 21 itself. As held in the aadhar case[9], it is an intrinsic part of Article 21 and can be upheld as a fundamental right by itself.

Firstly, with the new privacy policy of WhatsApp, the aspect of choice is infringed as it clearly does not provide an option to opt-out of such policy and still remain the beneficiary of the application. This ‘take it or leave it’ policy impliedly violates the ‘right to choose’ of an individual which is essential to make a decision when it comes to the privacy of a person[10]. Since Article 21 has a multitude of elaborations, right to choose of an individual lies within the same.

Secondly, as per the report by the Competition Commission of India, the said policy is violative of Section 4 of The Competition Act, 2002[11] which prevents the arbitrary abuse of any dominant position; which in this case is the excessive extraction of personal essential metadata of the data principals for the business benefits of data fiduciaries.

Apart from this, the policy is debated to be in violation of the Information Technology Rules[12] as it does not mention the type of the collection of specific personal data, also, it fails to inform the user about the data which is being collected and it even does not provide any provision to withdraw the consent or review or amend the information sought to be collected.

Hence it can be stated that, the WhatsApp privacy policy of 2021 is prima facie violative of the fundamental right to privacy under Article 21, Section 4 of The Competition Act 2002 for abuse of its dominant position, and The Information Technology Rules of 2021.

  • Analysis and Conclusion

It is important to note that WhatsApp is explicitly exploiting the privacy of individuals under the tag of ‘end-to-end encryption’. The new policy aims to manipulate the data principals by stating that their texts, data shared to the contacts, telecommunication etc., are confidential among the parties and neither WhatsApp nor Facebook or any third party can view the same. This argument is used to distract the beneficiaries of the application, as the majority of them use the application for such primary needs.

However, the actual essential private content and metadata of the beneficiaries which lies in the Bank account details, the transaction details, IP address, contacts etc., are being shared by WhatsApp, that too, without any heads up to the data principals about the time and quantity of such information. If one has to look on a broader perspective, such actions are fuelled by economic advantages of business and advertisements, at the cost of infringing the privacy of the general public using the application and therefore, at the cost of social welfare.

Hence the manner of obtaining consent from the data principals in such policy, under the name of end-to-end encryption is misleading and deceptive.

Next, the absence of withdrawal of consent from such sharing policy is not only against the freedom to choose but also violative of principles of natural justice as it is not fair, just and reasonable, instead it promotes tyranny.

Therefore, to conclude, it would be beneficial if the present Personal Data Protection Bill is passed in the Parliament and subsequently implemented, and the said policy is adjudged on the basis of the provisions of such bill, as it aims to give utmost importance to the consent of the data principal and prohibits any sharing of metadata which is non consensual[13].

There should also be a separate provision in the bill collateral to the European Union’s General Data Protection Regulation (GDPR)[14] with respect to seeking consent of the data principals separately for the collection and processing of data which will eventually provide a better magnitude of control and protection to the State over the essential data of the beneficiaries of the application[15].

Hence in order to effectuate the upholding of right to privacy as a fundamental right by the Apex Court in the aadhar judgment, the Personal Data Protection Bill, 2019 should be passed and implemented in the most efficient manner while dealing with the WhatsApp new privacy policy of 2021.


[1] Lily Hay Newman, WhatsApp Has Shared Your Data With Facebook for Years, Actually, 8th Jan, 2021, available at; https://www.wired.com/ last visited on 18/05/2021. 

[2] The Constitution of India, 1950, Art 21.

[3] K.S. Puttaswamy (Retired) and Anr. v. Union of India & Ors, Writ Petition (Civil) No 494 of 2012.

[4] Ibid, Art 136.

[5] Supreme Court Observer, WhatsApp-Facebook Privacy, available at; https://www.scobserver.in/ last visited on 19/05/2021.

[6] Ikigai Law, WhatsApp privacy case- A timeline, 9th August 2018, available at; https://www.ikigailaw.com/ last visited on 20/05/2021.

[7] Karmanya Singh Sareen v. Union of India, SLP (C) 804/2017.

[8] Supra note 2.

[9] Supra note 3.

[10] Economic and Political weekly, ‘Right to choose’ as a fundamental right, 21st May 2018, available at; https://www.epw.in/journal/ last visited on 20/05/2021.

[11] The Competition Act, 2002, Sec 4.

[12] The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

[13] The Personal Data Protection Bill 2019, Clause 11(4).

[14] European Union’s General Data Protection Regulation (GDPR), Art 7(2).

[15] Akshat Bhushan, WhatsApp Privacy Controversy and India’s Data Protection Bill, 2nd April, 2021, available at; https://www.theleaflet.in/ last visited on 20/05/2021.


Author: Dipti Gabriel from Christ University, Bangalore.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s