WHY DOES WHATSAPP COLLECT USER INFORMATION
WhatsApp generally collects ‘service related, diagnostic and performance information’. The OTT messaging giant uses the data to better customize and fix their services. Further, access to relevant user data enables the company to do an effective research & development. The updated terms further enable ‘WhatsApp Businesses Accounts’ to share the information they receive to third parties they work with (like Facebook). The updated terms state “…some businesses might be working with third party service providers (which may include Facebook) to manage their communications with their customers…” with regards to Business Accounts. The stored and shared information would be further used for business development (benefits business) and displaying custom ads (benefits business with outreach and third party with ad revenue) over internet and/or Facebook (depending upon who the third-party service provider is).
DO THE UPDATED TERMS AFFECT USERS’ PRIVACY?
WhatsApp maintains that user chats still remain end-to-end encrypted and that the only data that can be stored externally by third parties relates to Business Accounts. But the security of that data is a huge concern. According to a report by Times of India dated 12th January 2021, more than 1700 private WhatsApp groups’ links were available on the internet.[ii] Incidents like this raise red flags over data security and the intention of third parties towards data security in India.
Further, when put to constitutional test, these updated privacy terms seem a bit unfair as far as right to privacy is concerned. In the landmark privacy judgement Justice K.S. Puttaswamy (Retd.) v. Union of India[iii]a nine-judge judgement recognized privacy as intrinsic to the Right to Life under Article 21[iv] of the Indian Constitution. The nine-judge bench while delivering the judgment in the matter commented, “…Privacy safeguards individual autonomy and recognizes the ability of the individual to control vital aspects of his or her life. Personal choices governing a way of life are intrinsic to privacy…”. The new privacy terms put an obligation on the user to either accept the policy on or before the cutoff date or shift to some other service as their WhatsApp accounts shall be deleted. For a person to switch to a new such service is not as easy as it seems. It needs at least 75% of someone’s contact to shift to that new service in order to make the switch a viable option for the person.[v] WhatsApp’s huge user base even after mass migration to competing service(s) clearly indicates that to switch is not an easy option for the majority of the users in the country.
This means only one thing, coercing every user in accepting the policy is making them compromise the very Right to Privacy that Puttaswamy guaranteed under Article 21. In numerous judgements, the Supreme Court of India has held that the Doctrine of Waiver cannot be applied on Fundamental Rights, i.e., no person can waive off or barter one’s fundamental rights.[vi][vii][viii] Hence, a policy that compels the user(s) to surrender a Fundamental Right cannot be called a just policy in any case.
CAN THE UPDATED USER TERMS AFFECT MARKET?
In addition to this, more the data an IT Corporation has, more becomes its bargaining power in the market resulting in a ‘non-price competition’ and may lead to detrimental treatment by dominant platforms where no/less alternatives are present. This behavior has the ability to form an entry barrier and foreclose the entry of competitors in the marker, and in essence to violate section 4(2)(c)[xi]of the Act. Hence, such policy is not only discriminatory with respect to a consumer but also possesses the ability to wipe competition out of the market.
DATA PROTECTION IN INDIA
The Information Technology Act, 2000 read with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI rules) are responsible for Data Protection in India. Section 43A of the act makes a corporate body liable to pay damages to affected persons if the body is negligent with respect to sensitive data/information and causes wrongful loss or wrongful gain to any person. Further, sections 72 and 72A deal with punishments of contravention of section 43A. Since the primary goal of the legislation is to deal with cybercrime and electronic commerce, it is not a full proof law in itself.
After the landmark judgement in Puttaswamy, the Supreme Court constituted Justice B.N. Srikrishna Committee to look into a draft legislation. A revised version of the submitted draft bill is what we now know as Personal Data Protection Bill, 2019 (PDP Bill). The bill is based on the EU's General Data Protection Regulation (GDPR) by virtue of which WhatsApp could not introduce the updated privacy terms in EU Nations. GDPR makes the user consent mandatory to collect and process personal data separately for each unrelated purpose. The PDP Bill was tabled in Indian Parliament on 11th December 2019. As per now, the Bill is with a 30-member Joint Parliamentary Committee (JPC) and is yet to see the light of Presidential Assent.
THE BIG QUESTION
It depends on the personal choice of a user. One may find the collected information and the use by Businesses and third parties trivial and may continue to use WhatsApp. We all are aware how Facebook collects and uses the user data and it still boasts humongous user base. Still, one might need to be careful when interacting with businesses. Knowingly or unknowingly whenever we select the option to receive information regarding online transactions/shopping/orders via WhatsApp, we share a considerable user data with the business and as well as with a third-party. But if one finds such coercive practice as unfair and the lack of proper legislation bothers him/her, one might consider switching to competing applications such as Signal and Telegram and become the part of the anticipated 75% Contact list for someone else.
LIST OF REFERENCES