‘All violations of essential privacy are brutalizing.’
-Katharine Fullerton Gerould
The advancement of technology around the globe highlights an imperative role of internet connectivity in public and private services of a nation which in turn promotes globalization. On the contrary, such massive integration acts as a huge threat to the privacy of an individual. The mega messaging service provider WhatsApp stands in debate on similar lines which has been discussed in this article.
- WhatsApp controversy- A timeline
However, when the same was challenged as being violative of right to privacy, which is a subset of Article 21 of the Indian Constitution, the petition was rejected by the Delhi high Court with a partial relief. The reasoning for the same was that the landmark case with respect to right to privacy was sub judice in the Supreme Court and therefore WhatsApp was given directions to delete the data both of the users as well as of those who deleted their accounts.
Later the petitioners sought to file a Special Leave Petition to the Apex Court, against the order of the Delhi High Court. During the hearings of such petition, a special committee called Justice B.N. Sri Krishna Committee was constituted in order to examine the data protection laws of the country and to provide guidelines for the same. As a result of this action, the draft of The Personal Data Protection Bill was passed in the Parliament in 2019.
Now, in 2021 WhatsApp again changed its policy which essentially focuses on promoting advertisements and business again, by sharing of all the essential information of its users like IP address, Display photo, Status, Contacts etc., except personal messages which are protected under end-to-end encryption label.
This new policy was challenged in the case of Karmanya Singh Sareen v. Union of India in 2021 wherein it was argued that the privacy protections in India are compromised as compared to those in the European Union; along with the infringement of right to privacy. The said case is presently, pending before the court.
- Legal perspective
Article 21 of the Indian Constitution, guarantees the right to life and personal liberty to persons except according to the procedure established by law, and such law should be a valid law and the procedure to be followed must be just, fair and reasonable. Right to privacy is an important facet of Article 21 itself. As held in the aadhar case, it is an intrinsic part of Article 21 and can be upheld as a fundamental right by itself.
Secondly, as per the report by the Competition Commission of India, the said policy is violative of Section 4 of The Competition Act, 2002 which prevents the arbitrary abuse of any dominant position; which in this case is the excessive extraction of personal essential metadata of the data principals for the business benefits of data fiduciaries.
Apart from this, the policy is debated to be in violation of the Information Technology Rules as it does not mention the type of the collection of specific personal data, also, it fails to inform the user about the data which is being collected and it even does not provide any provision to withdraw the consent or review or amend the information sought to be collected.
- Analysis and Conclusion
It is important to note that WhatsApp is explicitly exploiting the privacy of individuals under the tag of ‘end-to-end encryption’. The new policy aims to manipulate the data principals by stating that their texts, data shared to the contacts, telecommunication etc., are confidential among the parties and neither WhatsApp nor Facebook or any third party can view the same. This argument is used to distract the beneficiaries of the application, as the majority of them use the application for such primary needs.
However, the actual essential private content and metadata of the beneficiaries which lies in the Bank account details, the transaction details, IP address, contacts etc., are being shared by WhatsApp, that too, without any heads up to the data principals about the time and quantity of such information. If one has to look on a broader perspective, such actions are fuelled by economic advantages of business and advertisements, at the cost of infringing the privacy of the general public using the application and therefore, at the cost of social welfare.
Hence the manner of obtaining consent from the data principals in such policy, under the name of end-to-end encryption is misleading and deceptive.
Next, the absence of withdrawal of consent from such sharing policy is not only against the freedom to choose but also violative of principles of natural justice as it is not fair, just and reasonable, instead it promotes tyranny.
Therefore, to conclude, it would be beneficial if the present Personal Data Protection Bill is passed in the Parliament and subsequently implemented, and the said policy is adjudged on the basis of the provisions of such bill, as it aims to give utmost importance to the consent of the data principal and prohibits any sharing of metadata which is non consensual.
There should also be a separate provision in the bill collateral to the European Union’s General Data Protection Regulation (GDPR) with respect to seeking consent of the data principals separately for the collection and processing of data which will eventually provide a better magnitude of control and protection to the State over the essential data of the beneficiaries of the application.
 The Constitution of India, 1950, Art 21.
 K.S. Puttaswamy (Retired) and Anr. v. Union of India & Ors, Writ Petition (Civil) No 494 of 2012.
 Ibid, Art 136.
 Karmanya Singh Sareen v. Union of India, SLP (C) 804/2017.
 Supra note 2.
 Supra note 3.
 The Competition Act, 2002, Sec 4.
 The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
 The Personal Data Protection Bill 2019, Clause 11(4).
 European Union’s General Data Protection Regulation (GDPR), Art 7(2).
Author: Dipti Gabriel from Christ University, Bangalore.