“When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.”
― David Brin
INTRODUCTION
WhatsApp's latest update in privacy policy has been in the headlines for a past few months now. WhatsApp has more than 2 billion people from 180 countries as users. WhatsApp's mission according to its website is to be an alternative to SMS. The app supports sending and receiving a variety of media such as text, document, location, voice call, video call, etc. It is true that some of the personal data is shared via WhatsApp and therefore WhatsApp has built end-to-end encryption in the app. WhatsApp’s whole purpose and mission is to create fast and reliable messaging services around the world. WhatsApp screams about privacy and trustworthiness.
WhatsApp's new Privacy Policy was declared on January 11, 2021, which allowed the encrypted messaging app to share a significant amount of data with business user data with parent company Facebook, which aims to improve usage between the companies of the group. This does not in any way involve personal chats between users to be shared with Facebook but allows the sharing of data on business interactions within the group. Put simply, many companies rely on WhatsApp to communicate, for example, if you buy a plane ticket, it will be sent to your WhatsApp. In this way, WhatsApp helps the company to communicate with its customers WhatsApp partners with these business entities that use Facebook or third parties to help store and manage better communication with users on WhatsApp[1]. With this privacy policy, WhatsApp would request consent to share transaction data, IP address, information on mobile devices, and data on how they interact with companies with Facebook group companies. This step would help Facebook personalize content and display relevant advertisements across multiple social platforms in the group. This will also allow users to link services like Facebook Pay account to pay for things on a messaging app.
On 25th May 2019 General data protection regulation came into force and the companies in 2021 are trying to adjust to these regulations. The managing director of data privacy consultancy Castlebridge advice to not use WhatsApp as it does not comply with GDPR.
Countering all the rumors and misinformation in the market, a WhatsApp spokesperson told PTI: "No accounts will be deleted on May 15 due to this update and no one in India will lose WhatsApp functionality. We will follow up with reminders for people in the coming weeks."
ALL ABOUT UPDATED PRIVACY POLICY
In 2014, WhatsApp released a statement stating that the partnership with Facebook does not alter their values and principles and that they would continue to work independently and autonomously, but to date their policy segment reads that the information they share with Facebook companies include user account registration, transaction data, service-related information, mobile device information, IP address and the like which they obtain upon notification or based on user consent. Major changes include Facebook having access to messages users share with businesses on WhatsApp, WhatsApp will begin processing payment accounts and transaction information which includes payment method information, shipping details and the amount of the transaction. WhatsApp will also collect granular information about user activity and device and connection information such as battery levels and signal strength. In addition, it will collect the IP address and other information such as the prefix to estimate the overall location even if the user is not using the location features. At this point, users have no choice but to click "Agree" or simply stop using the service.
And for businesses, the new privacy policy means that they will now have the ability to use Facebook's secure hosting services to manage their customer chats on WhatsApp. When communicating with companies, WhatsApp can see that exchange and then use that information for marketing, which may include advertising on Facebook. Clearly labels conversations with companies that use Facebook hosting services. Also, in an optional feature that will notify when used, the purchase activity for users who interact with the Facebook shop commerce feature via WhatsApp can be used to view related ads on Facebook and Instagram. Finally any interaction with an ad on Facebook with the ability to send messages to a company via WhatsApp. If then done it could be used to show more related ads on the social platform.
PRIVACY AND DATA PROTECTION LAWS
The privacy policy is violative of following laws which are applicable in India-
· Section 72A of The Information Technology Act,2000, which talks about Punishment for disclosure of information in breach of lawful contract.
· Section 2 (1)(w) of The Information Technology Act,2000 according to which WhatsApp can be considered as Public Authority Hence, relying on Puttaswamy[2] Judgement.
· Rule 3 of Information Technology (Reasonable security practices and procedures and sensitive personal data or Information) Rules of 2011.
· Sub-rule 7 of rule 5 and Rule 8 of Information Technology (Reasonable security practices and procedures and sensitive personal data or Information) Rules, 2011.
CONCLUSION
The new privacy policy appears prima facie to be discriminatory in nature as it adopts different standards for European and American countries on the one hand and for other countries on the other. As discussed above, WhatsApp in India is much more than just a messaging platform so an additional sense of responsibility must be given to WhatsApp and WhatsApp must also be more vigilant when it comes to India due to its huge user base. and also due to the fact that most of its users in India are not so prepared to understand the possible dire consequences of a data breach/leak situation.
It can be observed that the EU due to its strict laws such as the GDPR could protect its citizens from the change in policy which appears to be to the benefit of the App and its parent companies and in a sense puts the data at risk for users. del App. This data sharing with Facebook may not pose a big risk at the moment, but it could pose security threats in the near future. The country's politicians and lawmakers should know better when it comes to protecting the privacy of its country's citizens. Data is the new oil and extraction by a private company poses a risk to the country and its citizens in terms of privacy, security and data leakage.
[1]Megha Madavia, WhatsApp Tweaks Privacy Policy to share more user data with Facebook. [2] (2017) 10 SCC 1 REFERENCES-