[Disclaimer: This article is a mere opinion in the public interest to inform/educate the people]

Today, one of the most common concerns among the people is about the new and updated terms of the recent policy of WhatsApp. It is concerning because over 400 million Indians WhatsApp use this service and is therefore not like any other messenger app.

What is the updated privacy policy?

In a nutshell, the new policy requires additional information which includes log, connection and location information. Also, it requires permission to share data with Facebook for personalizing the experience and create better synergy. The new policy does not provide the option to opt in or out of data sharing with other Facebook companies which was not the case with its earlier policy of Jul 20, 2020. This privacy policy of January 4, 2021, mandates acceptance of its terms lest the account stands terminated by February 8, 2021. It may be aptly put as-"Pay data, enjoy service is the new mantra"

Why is the policy harsh and raises eyebrows?

In the name of better synergy by sharing information with Facebook, imminent threats to privacy cannot be ignored. Many government and public authorities use this service during the course of their duty and sometimes even to issue the summons. All such exchanges will be under threat.

This is further coupled with targeted advertisement which is perhaps the primary hidden reason for these players to seek the personal data so as to analyse the behaviour and choices an individual holds. Borrowing the relevant expression from the anti-trust regime on this point, which says, “If you're not paying for tt, you become the product”. For instance, when was the last time a sponsored message triggered out of nowhere about a product you probably searched on another app. Hence this has become a commonplace phenomenon and would be unbelievable if it is claimed that the privacy of the user is kept intact without sharing it with a third-party.

It is also claimed that the conversations are end-to-end encrypted. Considering this hypothesis to be true, with the new policy, still, the tools can be used to gather personal data. For instance, a WhatsApp group name may be analysed and its member can then be categorised into that interest group.

Where does the law stand on this issue?

In other jurisdictions like the EU for instance, a special law for this purpose called the General Data Protection Regulation (GDPR) was implemented in 2018. Therefore to be compliant, WhatsApp had to provide an opt-out option.

In India, existing laws like the Information Technology (IT) Act, 2000 has certain provisions to address the problem partially but leaves certain grey areas to find an escape route. And for this purpose Personal Data Protection Bill, 2019 was mooted in the parliament but is pending before the Joint Parliamentary Committee formed by Lok Sabha.

Right to Privacy

If we travel back in time, it was in Kharak Singh v. State of UP (1963) when for the first time the apex court of the country faced the question of whether Art. 21 of the Indian constitution include the right to privacy within its ambit and the majority bench held that such a constitutional guarantee is not conferred by our constitution. However, who knew that the dissent of Subba Rao J. favouring such inference would ultimately be law of land in Justice KS Puttaswamy (Retd.) v. UOI in the year 2017 observing that the right to privacy is not just protected under the constitution but is an intrinsic part of personal liberty, thus settling the law for once and for all. In this backdrop, a recent remark by CJI S.A Bobde when this matter appeared before the court is noteworthy as he rightly said,

"People have grave concerns about their privacy. You may be 2 trillion 3 trillion company. But the privacy of people are more important than your money,"

Therefore, it ought to be appreciated that with this inalienable right come ancillary rights like the right to access, restriction and portability of data, the right to objection and the right to be forgotten (also part of the Personal Data Protection Bill, 2019) and High Courts have respected these rights even without the formal law in place by way of extended interpretation. Therefore it is the need of the hour that the court uses this template and comes to the rescue as the sentinel on the qui vive and put a check on this unregulated behaviour.

-Sparsh Sharma