EXCLUSIVE: The Lawhive Updates – What’s up with WhatsApp?: Saveena Sachar Bedi

Adv. Saveena Bedi Sachar, Founder and Managing Partner of reputed legal firm, Lawhive Associates, examines the controversy around ‘all or nothing’

One of the most controversial privacy policies, introduced by WhatsApp, has been put on hold till mid-May 2021 after the backlash it faced throughout the world. Countries across the world are now refraining from using WhatsApp for their business communications.

This instant messaging app gained quick momentum as it was easily accessible for everybody. The social networking platform has been ever expanding with adding new features every now and then.  What started as basic messaging app has went on to add calling, video calling, voice notes and several other features.

In 2018, WhatsApp came up with a special addition when it launched a similar app known as “WhatsApp Business”. This addition was created keeping small business owners in mind, to help them easily build their  business.

WhatsApp’s new policy

The new policy notification, which was released by WhatsApp on January 4^th, 2021, states that the company may share the contents or information provided by its customers, with its parent company, Facebook.  This was introduced in the form of a mandatory update as the company went ahead to mention that any person not complying with the same would not be allowed to use the application beyond 8^th February 2021.

This raised concerns as to the privacy of contents shared on WhatsApp, and further, the ‘my-way-or-the-highway’ approach did not go well with the users or the Government.

Past privacy controversies

• WhatsApp has time and again landed into controversies with its privacy issues. As WhatsApp could have access to all personal information, payment details, locations, etc. of its users the same was highly condemned by The Confederation of All India Traders. They believed that by initially providing these apps free of cost, this platform is now are trying to intrude into the users’ privacy.
• There was another instance where a New Delhi-based think tank stated that some Chinese hackers were accessing data from WhatsApp to offer part-time employment to its users. This ultimately turned out to be a scam.
• WhatsApp allows its participants to join private groups through links. This requires no prior approval from the admin or the creator of the group. Any person who has access to the link can click on it to join. Such private group links were found to be misused at various instances. This issue saw a rise last year, when Google was asked not to index such private links. These links were solely meant for private circulation. To make things less complex, WhatsApp added “do not index” to its links therefore it became easier for Google to keep them away. WhatsApp also requested its users to not put such private chat links on social platforms.

The news of earlier breaches in WhatsApp privacy comes around the time when WhatsApp decides to share its data with its parent company Facebook. This leaves the users in a dilemma as to how safe would their messages and content be after the new policy is implemented.  As the concerns for privacy rose, the users started losing their trust in the application.

Reaction to the new policy

Fearing that the new policy would be mandatorily installed from 8^th February 2021, there was a massive rise in people downloading other messaging apps such as Signal, Telegram, etc.  Per media reports, India witnessed a 38% hike in Signal app installation. Many entrepreneurs demanded that their employees to do away with WhatsApp and adopt other communicating /messaging apps.

Whatsapp’s clarification

With all the speculations circulating around, WhatsApp finally clarified its stand. It stated that the new privacy policy would apply only to WhatsApp Business users. There would be no changes in the policy for people using it only to communicate to their family and friends, which means the said change does not apply to private communications.

Certain information shared by the WhatsApp Business users would be forwarded to the parent company, Facebook. WhatsApp shed light on it by stating that some large business entities may have to use “secure hosting services from Facebook to manage WhatsApp chat with their customers, answer questions and sent helpful information like purchase receipts”. This new change by WhatsApp helps it to use the information for its marketing purposes, which may include advertising on Facebook. With this new policy WhatsApp business would also show the conversation and preferences on the client’s side.

You may also like:

EXCLUSIVE SERIES: THE LAWHIVE UPDATES – Developments in M&E and more, curated by Saveena Bedi Sachar

India’s stand on the new policy

In India too, a large amounts of traffic moved towards other apps as soon as WhatsApp announced its new policy. India being a country with such massive population is a great market for any messaging/communication application. Over the past few years WhatsApp had captured a good market in India. It was estimated that more than 300 million people use WhatsApp in India.

Though the Hon’ble Supreme Court held that privacy is a fundamental right in case of The Justice K. S. Puttaswamy (Retd) and Anr vs Union of India And Ors, India still fails to have a regulatory authority for protecting its personal data.

The Personal Data Protection bill, if implemented into an act, would have had a check over the newly introduced privacy policy and the current situation would not have arisen. Section 5 of the Personal Data Protection Bill — which was introduced by the Parliament, and which came out of the Srikrishna Committee Report — says that you can only use the information for purposes that are reasonably linked to the purpose for which the information was given. If that section had enjoyed the power of law, then this (the new update in WhatsApp’s privacy policy) would have been illegal.

WhatsApp’s new policy has created havoc throughout the nation. On 19^th January, 2021, while addressing the privacy issue, Communications minister Ravi Shankar Prasad said,  “Any digital platform, including WhatsApp, must maintain the sanctity of personal communication and operate without violating the right of Indian citizens”.

“Be it WhatsApp or any other digital platform, you are free to do business in India. But do it in a manner without bringing upon the rights of Indians who operate, and sanctity of personal communication needs to be maintained,” the hon’ble minister had said. He further emphasized the importance of Data Protection and stated that India is working towards data protection law to transform itself into Data economy.

Impact on the European Union

The situation doesn’t remain the same globally as the countries in the European Union have  a strong law protecting their Data and Personal information.

As of May 25, 2018, the EU officially began enforcing its new General Data Protection Regulation (GDPR) standards. This initiative aims to heighten personal data security across all businesses operating within or connected to Europe. The new privacy policy of WhatsApp  will not be applicable in the European union due to the data protection law in place.

The GDPR or the general data protection regulation, is a regulation in the E.U law applicable in the E.U and the European economic area. Although the update is being rolled out globally, users located in the European Union will have their data protected, this is because the 27 countries that are part of the European Union, have a tighter privacy legislation in place known as GDPR (General Data Protection Regulation).

Recent changes

This new privacy policy which was to be introduced from 8^th February 2021 has now been pushed to mid of May 2021 due to the vast outcry against privacy infringements by people across the world. On 17^th January 2021, WhatsApp added a story on its users’ accounts stating the content shared through WhatsApp would remain safe and encrypted. This was WhatsApp’s reflex action due the mistrust and concerns raised by its new policy.

On 18^th January 2021 a petition was filed before the Delhi High Court regarding the privacy issue of WhatsApp. A grievance was raised as to WhatsApp’s new privacy policy. Addressing the issue, as per media reporting, the Hon’ble Court observed that “It is a private app. Don’t join it. What is your grievance? .. I can’t understand your concern. If you feel WhatsApp will compromise data, delete WhatsApp,“. The said matter has been was then adjourned to 25^th January apparently since WhatsApp has deferred it’s new policy till May 2021.

In view of the ongoing counterblast against the WhatsApp’s new privacy policy. The Government of India, Ministry of Electronics and Information Technology has written a letter to the Whatsaap’s CEO ‘Will Cathcart’ raising concerns with regards to its new privacy policy.

In the said letter, the Ministry condemned WhatsApp’s “all or nothing” approach of not giving the users an option to opt out of the policy. The letter also sheds light on the upcoming Personal Data Protection Bill and The Justice K. S. Puttaswamy (Retd) and Anr vs Union of India And Ors which regarded privacy as a fundamental right.

The letter further objected the differential treatment given to Indian and the European Union countries with regards to the implementation of the said policy. Further, while raising privacy concerns the Government has asked for clarifications on certain questions too, which are as follows:

• Disclose the exact categories of data that WhatsApp application collects from Indian users.
• Give details of the permissions and user consent sought by WhatsApp app and utility of each of these with respect to the functioning and specific service provided.
• Does WhatsApp conduct profiling of Indian users on the basis of their usage of application? What nature of profiling is conducted?
• Details of difference between WhatsApp privacy policies in other countries and India.
• Details of Data Security Policy, Information Security Policy, Cyber Security Policy, Privacy Policy and Encryption Policy.
• Does the WhatsApp app share data with any other app or business unit of the same company or associated companies? Share details of the data flow among these apps, business units or associated companies.
• Does the WhatsApp app capture the information about the other apps running on the mobile device of the user? If yes, what information is being captured by the app and what purpose is it being collected and used?
• Details about the server when data of Indian users is transmitted or hosted. Has the company or application provided any access to a third party to access a user’s personal data? If yes, then share those details.
• The Government is now awaiting a clarification from WhatsApp’s end.

Conclusion

As WhatsApp has postponed its new privacy policy to May 2021, the concerns with regards to privacy remains.  It is imperative for India to implement appropriate data protection bill  to have a proper tap on such foreign applications which try to intrude into its citizens’ privacy and personal data.

Adv. Saveena Sachar Bedi practices before the Supreme Court of India, Bombay High Court and several other courts, Forums and Tribunals. She has  worked for several years heading the legal function in leading Indian and Multinational companies viz. Walt Disney, UTV, Star TV, INX Media (9X, 9XM and NewsX), AC Nielsen, Ogilvy and Mather (O&M) and Music Broadcast Private Limited (Radio City 91.1FM ).

Her law firm, Lawhive Associates, which she founded in 2012, is has today transitioned from a traditional-Media-and-Entertainment practice to a leading full-service law firm that handles civil and criminal matters including corporate advisory, international arbitrations, dispute resolution, bankruptcy and liquidation matters, family law, real estate, information technology and private client advisory.