Abstract

The right to privacy is a fundamental human right, recognized by various international conventions and treaties. It protects individuals from arbitrary or unlawful interference with their personal life, family, and communications. The right to privacy also includes the right to control the collection, use, and disclosure of personal data. Every individual has the right to be left alone without any hindrance or disturbance from the outside world and can enjoy freedom from judgement or discrimination by other members of society. The Constitution of India provides its citizens with the Right to Privacy under Article 21 as an integral part of the right to life and personal liberty so that one can restrain the threats of privacy breaches from governmental and private actions. Violating a person’s right to privacy can be seen as a crime in certain cases. In January 2021, the popular social media app WhatsApp that is owned by Meta, a company which also owns another popular social media platform Facebook, brought about a few updates on its policies which caused a spark of concern and criticism from its users about the potential violations of the user’s right to privacy. The purpose of this paper is to analyse the updated privacy policy of WhatsApp and the impact it would have on the privacy rights of its users

Keyword

WhatsApp’s User Privacy, Right to Privacy, Personal Information Collection, Data Protection, Privacy Policies, User Consent and Rights, WhatsApp’s New Privacy Policy, Privacy Violations and Threats.

Introduction

The internet is one of mankind’s greatest creations. The internet has become a daily necessity in our lives. ¹ It is probably the most effective way of communication. It is also known as the ‘global hub’ in the field of communication where no matter where you come from, as long as

¹ The internet has become a necessity.. https:///steemit.com/steempress/@steemitaz/internethas/becomeadailynecessityinourlives-jmb1mucm4f (May 2023)

you are connected to the internet you are connected to people from anywhere across the globe. The Internet was, has been, and always will be an important part of society and its people.

Not only does the internet help in our daily life activities but it also helps us excel in our professional careers. No other source of information is as consistent with providing recent and new information as the internet. It is also easily accessible information for everyone to access Knowledge of how to appropriately use the internet could help a person reach new heights. It could be used to gain new knowledge and add our knowledge to an existing subject.

But like with every good thing, the internet also has its negative points. The more the world is shifting towards a digital era, the more the rate of crimes online has been increasing. As the saying goes, “Avarice hoards itself poor; charity gives itself rich” Human greed knows no bounds and people when given a good thing always find to misuse it for their gain. Characteristic of the culture of computers, information technology, and virtual reality is

known as cyber.² According to a general cyber law definition, Cyber law is a legal system that deals with the internet, computer systems, cyberspace, and all matters related to cyberspace or information technology. Cyberspace law covers a wide range of topics including aspects of contract law, privacy laws, and intellectual property laws.3

Research Methodology

This paper uses a qualitative method of research and the research has been conducted purely based on existing secondary sources like books, websites, and journals research utilizes a doctrinal method of analysis, analysing relevant constitutional provisions, and judicial decisions, on privacy and data protection in India. The paper prioritizes giving a clear and specific idea of the issues with WhatsApp’s new privacy policy change.

² The Role of Cyber Law in Cyber Security (no date) Legal Service India . Available at: https://legalserviceindia.com/legal/article-7646-the-role-of-cyber-law-in-cyber-security.htm (Accessed: 14

May 2023).

³ Cyber crime laws in India (no date) Ipleaders. Available at: https://blog.ipleaders.in/cyber-crime-laws-in-india/ (Accessed: 14 May 2023).

Review of Literature

“A socio-legal Analysis of WhatsApp privacy policy 2021 in India: A Contemporary Study” (2021)

This paper argues that WhatsApp’s policy change contradicts India’s constitutional right to privacy. This policy change undermines the control users have over their personal information, which is at the heart of privacy. This policy change does not provide sufficient transparency and control over the use of user data and may also violate Indian privacy laws⁴.

In “Privacy and Security in Mobile Messaging Applications: A Case Study of WhatsApp” (2020), Aljohani and Hashem This paper evaluates WhatsApp’s privacy and security features, including its encryption technology, data collection and sharing practices, and security vulnerabilities. They note that while the app’s encryption technology is strong, its data collection and sharing practices present potential risks to user privacy and data protection.

An Empirical Study on “WhatsApp Privacy Policy” Analysing the Real Cost of “Free” Apps in an Online Social Network (2022)

In this research paper, the authors reveal the details of WhatsApp’s new privacy policy and its impact on the mindset of users and other players in the same market⁵.

Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors. (2017)

This case is one of the landmark cases for the protection of the right to privacy of the Indian citizen since this judge bench acknowledged the right to privacy as a fundamental right under the constitution of India, the Court held that the right to privacy was integral to freedoms guaranteed across fundamental rights, and was an intrinsic aspect of dignity, autonomy and liberty⁶

⁴ Rajpurohit, Dr.G.S. and Yadhav, Dr.R.K. (21 May 2021) A Socio-Legal Analysis of WhatsApp Privacy Policy 2021 in India: A Contemporary Study, Ipleaders. Available at: /A Socio-Legal Analysis of WhatsApp Privacy Policy 2021 in India: A Contemporary Study (Accessed: 14 May 2023).

⁵ Kalyan, P. (no date) (PDF) an empirical study on “Whatsapp privacy policy” analyzing the … Available at: https://www.researchgate.net/publication/349811360_An_Empirical_Study_on_Whatsapp_Privacy_Policy_An alyzing_the_Real_Cost_of_Free_Apps_in_an_Online_Social_Network_In_Contrast_to_Other_Player_like_Teleg ram_Signal_etc_-_JMEITFEB0801001 (Accessed: 14 May 2023).

⁶ Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors. (2015) 10 SCC 1, AIR 2017 SC 4161

Karmanya Singh Sareen v Union of India (2021)

In the case of Karmanya Singh Sareen vs Union of India, two law students who were concerned about their safety, challenged the new policy change of the social media app WhatsApp arguing that the app’s new policies violated the right to privacy of its users.⁷

Harshita Chawla V, WhatsApp INC and Others (2022)

In this case, the petitioner criticises WhatsApp for gaining leverage among its competition by including the WhatsApp UPI feature on its services and states that the security of the users of WhatsApp and national security would be in a compromisable position if WhatsApp and Facebook are left unsupervised and WhatsApp is left to continue its anti-competitive services such as WhatsApp UPI. It urges the CCI to look into the policy-making of both the apps ⁸

Legal Framework on the Right to Privacy of internet users

Under the Indian context, the Information Technology or IT Act 2000– Section 2(1)(o)– “data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and maybe in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Personal Data Protection Bill

Although this bill has not yet been passed by the Parliament and is still being examined by the parliamentary committee, it seems to be a necessary measure for data protection. This bill aims to protect the users’ data misutilization from outside the country. The bill categorizes personal data into three different categories

Personal Documents- such as phone no., address etc.
Sensitive Documents- such as a person’s financial and health situation, sexual orientation, caste, religion, caste, beliefs etc
Critical Documents- such as the documents related to national and military security

According to Article 5 of the Personal Information Protection Act, we can only use your personal information in the following cases. For purposes reasonably related to the purposes

⁷ Karmanya Singh Sareen v Union of India (2016) SLP (C) 804/2017

⁸ Harshita Chawla V. Union of India(2020) SCCOnline CCI 32

for which the information was provided. Statement Data Mirroring is no longer required (for personal data). Personal Consent is only required for international data transfer.

The bill requires sensitive personal information to be stored only in India: Can be processed in India.

Processing overseas is possible only under certain conditions, It also includes approval from the Data Protection Authority (DPA). The bill also mandates social media. Companies are considered critical data trustees due to factors such as volume and sensitivity data for developing user verification mechanism.

About WhatsApp

Founded by Jan Koum and Brian Acton, the social media platform WhatsApp which has over 2 billion worldwide users in over 180 countries now, started as an alternative application for SMS between friends and families at any time and from anywhere. In its initial years, WhatsApp could only be used to text a person and there were no other uses. In recent years with the advancement of technology, it is now possible to share images photos, videos, documents, and locations, as well as voice calls in WhatsApp. It is also possible to transfer money from the app in a new update. The whole aim of WhatsApp is to provide its customer with the best possible services that let them communicate with each other from all over the world without any boundaries. WhatsApp joined hands with Facebook in the year 2014 but has continued to work as a separate app with different functionalities.

Before policy change

Before the changes of 2016 in the WhatsApp privacy policy, the app promised its users the utmost security of data with no chance of a data breach. It also used end-to-end encryption of messages shared between people. This meant that no one, not even WhatsApp or other websites had access to the messages except for the sender and the receiver. In addition to this, WhatsApp added extra layers of security measures so that no information is leaked to an outside source. Even after WhatsApp had been acquired by Facebook, it promised its user that won’t be any changes in the policy.

Even though the two social media apps continue to function as two separate entities but on August 2016, two years after Facebook bought WhatsApp, the app introduced a new policy change where the user had to share their private information such as phone no. address and

other information. And in September 2016, WhatsApp the new policy change came into effect without the consent of its users or an option to opt-out which in turn made people concerned about their privacy. They had to forcibly agree to the conditions since they could no longer continue to use the app without agreeing to the policy. It is worth noting here that even though this method had an opt-out mechanism, the approach to obtaining consent was rather a sham, each user had to consider data sharing, which means that the moment that the user decided to share their data it was no longer in their control as to who use their data and how they decide to use it. This is a clear signal to the users that they were no longer in control of their private data.

In August 2016, the plausibility of the policy changes was for the first time, challenged by two students, Karmanya Singh Sareen, and Shreya Sethi, who were concerned if WhatsApp was still safe to use and had argued that WhatsApp was violating the Constitution of India by violating the users right to privacy. The SC concluded the case by dismissing it and directing WhatsApp to delete the data it had stored of users who had deleted the app as well as users who had chosen to retain the application before the change had been fully implemented.

On 30^th July 2017, Additional Attorney General Tushar Mehta submitted an administrative memorandum to the Supreme Court. He explained Judge B.N.’s Constitution to the court. The Sri Krishna Commission is supposed to study issues related to data protection in India, propose data management principles and draft a data protection law. The commission released a report and a draft bill in 2018.⁹ In 2019, the Government of Sabah introduced the Personal Data Protection Act 2019. And it turned out to be on Judge B.N. It is based on. Draft by Sri Krishna Commission. The bill is currently before the Standing Committee.

Policy changes Of 2021

WhatsApp rolled out a new policy change again on January 2021 which brought about a lot more complaints from its users who were worried about the safety of their private information. With this policy change, WhatsApp could now share its users’ information with its parent company Facebook and other affiliated companies. The app gave its user a deadline of February 2021 after which they were supposed to accept the policy changes and adapt to it after updating their app. The new terms and conditions of the app triggered debates and

⁹Whatsapp-Facebook Privacy (2023) Supreme Court Observer. Available at: https://www.scobserver.in/cases/karmanya-singh-sareen-union-of-india-whatsapp-facebook-privacy-case- background/ (Accessed: 14 May 2023).

controversies among the users of the app since they were not given the option to opt-out from WhatsApp collecting and sharing their information with the app’s parent company Facebook in the name of improving their services. Because of the unrest, this policy had created among its users, WhatsApp had to delay the implementation of the policy to 5^th May of 2021.

Shortly after the policy was announced, it was challenged in a written application to the Delhi High Court. The new privacy policy was alleged to violate basic privacy rights and allow WhatsApp to profile users’ data without government regulation. While this case was pending, the All-India Traders Federation filed a complaint with the Supreme Court on similar allegations. The Supreme Court refused to accept the written application as the Delhi Supreme Court had already heard the appeal.

On February 15, 2021, the new policy was challenged in the Supreme Court. The petition contended that the privacy protection that WhatsApp had for the users of India was comparatively lesser than that of the other countries around the world eg. Europe which made the safety of the private information of the Indian users much more at risk than that of the users from the other countries

Suggestions & conclusion

In conclusion, the changes in WhatsApp’s privacy policy have caused a lot of concern among users around the world and raised concerns about the security of users’ personal information. Although the app claims that the policy changes are safe for users and that the changes are necessary to improve the app to provide better services (such as better and more relevant ads and product services), the cost of this supposedly free messaging is privacy and users claim that it violates their right to privacy and users. would not feel safe unless the policy is changed. There is a very legitimate fear among users that sharing WhatsApp data with Facebook and other third-party apps would lead to misuse of their private data, such as a person’s phone number. and an address that, if in the wrong hands, could be a very serious threat to their safety and that of their friends and family members. A person’s private information is the most basic level of security that an application like WhatsApp should offer its users, and its incompetence to provide users with the assurance of security measures means that change is urgently needed.

Some suggestions that would work to resolve this would be if the users could use an alternative app for exchanging information and messages with their friends and family.

There is a severe lack of laws in the country that protects a person’s privacy rights and digital data. The government of the country should be more aware and sanction better data protection laws and regulations so that the users’ data is not compromised. It should prevent companies from engaging in collecting and sharing data from their users. This issue could also be resolved if WhatsApp gave its user the option to opt-out from sharing their details and make the changes clearer and more concise to its user before they started to implement their changes since WhatsApp’s vague and unclear way of informing their users left them in a state of confusion.

Author- Subhalaxmi Dasgupta IFIM Law College, Bengaluru

EXAMINING THE IMPLICATIONS OF WHATSAPP’S PRIVACY POLICY ON USER’S RIGHT TO PRIVACY