Why WhatsApp faced backlash?
What are the changes proposed in Privacy Update?
The data being shared between WhatsApp and Facebook is primarily metadatato offer integrations across the social media giant’s products. Metadata is not messages, calls, it is different. For instance, it collects mobile device information like the operating system(Android, iOS others), phone model, screen resolution, IP addresses, language, coarse location (which means they can track the city you are in but not your actual location). WhatsApp can’t read user’s messages as they are end-to-end encrypted and also it doesn’t keep logs of who a person messages or calls. Neither can WhatsApp see the shared location nor can it share users’ contacts with Facebook.
Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us.
So, the major changes brought by this privacy update are:
✓ Some businesses might use “hosting services” from Facebook that are used to manage chats with customers, answer their questions, send helpful information. WhatsApp can see and store these chats with the business account and also share them with Facebook.
✓WhatsApp can also use this collected information for its marketing purposes, which might include advertising on Facebook. This simply means that you might talk to a business about purchasing something from themand later you see an ad for the same on Facebook. WhatsApp has assured that it will clearly label conversations with businesses that choose Facebook’s hosting services.
✓WhatsApp also has features like Shops, where businesses can display their goods right within the app and WhatsApp can use user’s shopping activity to personalize his/her shops experience and ads on Facebook and Instagram.
✓ Users may also see an ad on Facebook with a button to message the business using WhatsApp. And if users interact with these ads then Facebook may use this information to personalize the ads that users see on the social network.
Hence, for a user,the most likely effect via the new policy update will be more targeted ads across Facebook-owned platforms such as Messenger, Instagram, and Facebook. Moreover, if a user doesn’t want to talk to any business account on WhatsApp, he/she has the option of blocking it straight on the app. Also, when one is ordering products from websites, some might ask for updates on WhatsApp which can be denied by the user. WhatsApp also offers the feature of “disappearing messages” or downloading one’s data which can ensure extra privacy to users.
Even in 2017, EU authorities fined Facebook 110 million euros ($133 million) for misleading regulators during a 2014 review of its takeover of WhatsApp.
WhatsApp’s EU policy gives users there the right to access, rectify, port, and erase their information as well as the right to restrict and object to the processing of their information. WhatsApp shares user’s data with Facebook even in EU nations but users there get a special settingthat is not available anywhere else, called “Managing and Retaining Your Information” which allows them to rectify, update or erase information controlled by WhatsApp. Because of GDPR users in EU can even withdraw their consent to WhatsApp for processing their data.
Federal Trade Commission (FTC) of US has also filed a lawsuit against Facebook for its anti-trust and anti-competitive policies. It has also raised questions on Facebook’s acquisition of WhatsApp and Instagram which made Facebook to dominate social media in the last five years. FTC wants Facebook to sell off both WhatsApp and Instagram in case it wins the cases.
Recently, Turkish President Recep Tayyip Erdogan’s media office and his country’s defence ministry talked about dropping WhatsApp. Billionaire Elon Musk also endorsed WhatsApp’s rival app Signal to his Twitter followers.
Provisions in India and Data Protection Bill
Right to Privacy was held to be a fundamental right in the landmark Justice K.S.Puttaswamy(Retd) v. Union of India, judgment but still there is very limited protection available to Indian users under the Information Technology Act as it remains ordinarily unenforceable, also it does not provide any credible remedy. India’s dearth of a data protection law means that there is no relief that a user can get in case of a breach or misuse of data. The metadata being collected by Facebook gives a 360-degree profile of a person’s online activity and this level of insight into user’s activities is done without any regulatory provisions in India. Moreover, without any data protection authority, the users are left with a company’s assurances and privacy policies.
In December 2019, the government introduced a Personal Data Protection Bill in Parliament. The Bill is currently being analysed by a Joint Parliamentary Committee. The billmandates setting up of an independent body named Data Protection Authority (DPA) to take up matters relating to privacy and to redress consumer grievances. Even the method of data classification into sensitive personal data and critical data has been defined and their processing possibilities mentioned in the bill.
The Bill obligates organizations to:
a) act transparently in its processing of data
b) implement appropriate security measures
c) promptly notify the authority about any data breaches and keep accurate
And gives users the right to:
a) determine what personal information is being processed in the organization’s possession
b) request correction of any inaccurate information
WhatsApp would not have been able to introduce this privacy update in India like in EU if India had a data protection law. As ‘Section 5’ of the Personal Data Protection Bill, introduced in the Parliament, proposes that companies can only use the information for purposes reasonably linked to the purpose for which information was given which signifies that if a user is giving data to WhatsApp for interacting with friends and family then that data can’t be used or shared with people to run their businesses. Hence, if this section was there in India, WhatsApp’s new privacy update would have been illegal and as in the case of EU, WhatsApp would have been obligated to make a differential policy for India.
WhatsApp’s new privacy update brings major changes in interaction with business accounts only and doesn’t affect personal chats. But it doesn’t mean that WhatsApp doesn’t share user’s data with Facebook and can be relied upon.WhatsApp’s end-to-end encryption clause remains intact but this only ensures that it can’t see user’s messagesor share them with anyone but it can share one’s metadatawhich is essentially everything beyond the actual text of the conversation with Facebook and other apps.
It is also a fact that Facebook does not have a stellar record of data protection of its users, as evident by the Cambridge Analytica data scam during the 2016 US elections. In order to ensure a safer digital space for Indian users, the tech giants needa more legal and regulatory watch. Hence, India should do no more delay and come up with a Data Protection lawto regulate the private sector’s ever-increasing appetite for personal data and also thwart the monopolization of certain companies. India’s data bill should emphasize on GDPR’s core principles of storage and purpose limitation and data use accountability. Tighter wording of the bill is essential to safeguard against abuse.
• Chatting with a business account on WhatsApp? Here’s what you need to keep in mind, WhatsApp Privacy Update and business account, The Indian Express, (January 13, 2021, 11:10:09 am), https://indianexpress.com/article/technology/tech-news-technology/whatsapp-privacy-policy-update-what-happens-when-you-interact-with-business-accounts-7143099/.
• Privacy and surveillance: On WhatsApp user policy change, WhatsApp policy change, The Hindu, (January 22, 2021, 11:54 pm),
• Salman Waris, Personal Data Protection Bill-Status of The Legislation And Data Regulation Regime In India, Data Protection Bill India, mondaq(January 26,2021), https://www.mondaq.com/india/data-protection/1022956/personal-data-protection-bill-status-of-the-legislation-and-data-regulation-regime-in-india.
• Rohin Dubey, The Great Data Protection Debate: India’s new Data Protection Bill,Data Protection Bill India, BarandBench, (December29,2020,8.35am)https://www.barandbench.com/columns/the-great-data-protection-debate-indias-new-data-protection-bill.
• Divya J Shekhar, Data Protection Bill: Can it ensure your privacy online?, Data Protection Bill, Forbes India, (January 19, 2021, 4:23:30 pm),
• Subimal Bhattacharjee, The WhatsApp Fix, Data Protection Bill and WhatsApp Privacy Update, The Indian Express, (January 23, 2021, 8:38:19 am),
Kritika Oberoi (Army Institute of Law Mohali)