WhatsApp stirred up privacy experts of the world and its huge userbase by announcing a new data privacy policy on 4th January 2021. The new privacy policy ‘took away’ the right to denial of a user to share his information with third parties. The initial deadline to ‘accept the terms or leave the platform’ was set to 8th February 2021 which it soon postponed to 15th May 2021 owing to the huge uproar against it. While a huge number of users have shifted permanently to other competing services like Signal and Telegram, WhatsApp still boasts of more than 400 million users.[i] As the deadline approaches, the dilemma becomes stronger than ever for these users: should one accept them, and if not, what is at stake.





WhatsApp generally collects ‘service related, diagnostic and performance information’. The OTT messaging giant uses the data to better customize and fix their services. Further, access to relevant user data enables the company to do an effective research & development. The updated terms further enable ‘WhatsApp Businesses Accounts’ to share the information they receive to third parties they work with (like Facebook). The updated terms state “…some businesses might be working with third party service providers (which may include Facebook) to manage their communications with their customers…” with regards to Business Accounts. The stored and shared information would be further used for business development (benefits business) and displaying custom ads (benefits business with outreach and third party with ad revenue) over internet and/or Facebook (depending upon who the third-party service provider is).





WhatsApp maintains that user chats still remain end-to-end encrypted and that the only data that can be stored externally by third parties relates to Business Accounts. But the security of that data is a huge concern. According to a report by Times of India dated 12th January 2021, more than 1700 private WhatsApp groups’ links were available on the internet.[ii] Incidents like this raise red flags over data security and the intention of third parties towards data security in India.


Further, when put to constitutional test, these updated privacy terms seem a bit unfair as far as right to privacy is concerned. In the landmark privacy judgement Justice K.S. Puttaswamy (Retd.) v. Union of India[iii]a nine-judge judgement recognized privacy as intrinsic to the Right to Life under Article 21[iv] of the Indian Constitution. The nine-judge bench while delivering the judgment in the matter commented, “…Privacy safeguards individual autonomy and recognizes the ability of the individual to control vital aspects of his or her life. Personal choices governing a way of life are intrinsic to privacy…”. The new privacy terms put an obligation on the user to either accept the policy on or before the cutoff date or shift to some other service as their WhatsApp accounts shall be deleted. For a person to switch to a new such service is not as easy as it seems. It needs at least 75% of someone’s contact to shift to that new service in order to make the switch a viable option for the person.[v] WhatsApp’s huge user base even after mass migration to competing service(s) clearly indicates that to switch is not an easy option for the majority of the users in the country.


This means only one thing, coercing every user in accepting the policy is making them compromise the very Right to Privacy that Puttaswamy guaranteed under Article 21. In numerous judgements, the Supreme Court of India has held that the Doctrine of Waiver cannot be applied on Fundamental Rights, i.e., no person can waive off or barter one’s fundamental rights.[vi][vii][viii] Hence, a policy that compels the user(s) to surrender a Fundamental Right cannot be called a just policy in any case.





The coercive Privacy Policy needs to be seen by Competition point of view to check its effect on the market. The Competition Commission of India (CCI) in Harshita Chawla v. WhatsApp Inc. & Facebook Inc.[ix] found prima facie that WhatsApp is a dominant market player for OTT messaging apps through smartphones in India. Further, as per Section 4(2)(a)(i)[x] of the Competition Act, 2002, imposition of “unfair or discriminatory conditions in purchase or sale of goods or services” is termed as an abuse of dominant position. The user discretion that WhatsApp provided against sharing of the user data has been taken away in the updated terms. Also, since these terms are contrary to Article 21 of the Constitution, they are nothing but unfair or discriminatory.


In addition to this, more the data an IT Corporation has, more becomes its bargaining power in the market resulting in a ‘non-price competition’ and may lead to detrimental treatment by dominant platforms where no/less alternatives are present. This behavior has the ability to form an entry barrier and foreclose the entry of competitors in the marker, and in essence to violate section 4(2)(c)[xi]of the Act. Hence, such policy is not only discriminatory with respect to a consumer but also possesses the ability to wipe competition out of the market.





The Information Technology Act, 2000 read with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI rules) are responsible for Data Protection in India. Section 43A of the act makes a corporate body liable to pay damages to affected persons if the body is negligent with respect to sensitive data/information and causes wrongful loss or wrongful gain to any person. Further, sections 72 and 72A deal with punishments of contravention of section 43A. Since the primary goal of the legislation is to deal with cybercrime and electronic commerce, it is not a full proof law in itself.


After the landmark judgement in Puttaswamy, the Supreme Court constituted Justice B.N. Srikrishna Committee to look into a draft legislation. A revised version of the submitted draft bill is what we now know as Personal Data Protection Bill, 2019 (PDP Bill). The bill is based on the EU's General Data Protection Regulation (GDPR) by virtue of which WhatsApp could not introduce the updated privacy terms in EU Nations. GDPR makes the user consent mandatory to collect and process personal data separately for each unrelated purpose. The PDP Bill was tabled in Indian Parliament on 11th December 2019. As per now, the Bill is with a 30-member Joint Parliamentary Committee (JPC) and is yet to see the light of Presidential Assent.





It depends on the personal choice of a user. One may find the collected information and the use by Businesses and third parties trivial and may continue to use WhatsApp. We all are aware how Facebook collects and uses the user data and it still boasts humongous user base. Still, one might need to be careful when interacting with businesses. Knowingly or unknowingly whenever we select the option to receive information regarding online transactions/shopping/orders via WhatsApp, we share a considerable user data with the business and as well as with a third-party. But if one finds such coercive practice as unfair and the lack of proper legislation bothers him/her, one might consider switching to competing applications such as Signal and Telegram and become the part of the anticipated 75% Contact list for someone else.



[iii](2017) 10 SCC 1

[iv]The Constitution of India, 1950, Art. 21- Protection of Life and personal liberty: No person shall be deprived of his life or personal liberty except according to a procedure established by law

[vi]Basheshar Nath v. Commissioner of Income Tax (AIR 1958 SC 149)

[vii] Nar Singh Pal v. Union of India [(2000) 3 SCC 588]

[viii] Olga Tellis v. Bombay Municipal Corporation (AIR 1986 SC 180)

[ix] CCI Case No. 15 of 2020, order dated 18.08.2020

[x]The Competition Act, 2002, S.4- Abuse of Dominant Position:

(2) There shall be an abuse of dominant position 4 under sub-section (1), if an enterprise or a group-

(a) directly or indirectly, imposes unfair or discriminatory-

(i) condition in purchase or sale of goods or service

[xi]The Competition Act, 2002, S.4- Abuse of Dominant Position:

(2) There shall be an abuse of dominant position 4 under sub-section (1), if an enterprise or a group-

                                (c) indulges in practice or practices resulting in denial of market access in any manner

Leave a Comment