WhatsApp is legally bound to not share data with Facebook in the European Region because it’s a contravention of the provisions of the General Data Protection Regulation (GDPR), Arghya Sengupta, Research Director at Vidhi Centre for Legal Policy, told BusinessLine . GDPR is a regulation in the European Union law on data protection and privacy in the European Union and the European Economic Area.
“What is practically happening is, I am a user who has signed up to WhatsApp because I want to communicate with my friends and family. So I am giving my data for this, while you are using this data and sharing it with people to run their own businesses. That, actually, is the core of the issue - that the purpose that you are using the information for is not reasonably connected to the purpose for which the user is giving that information to you,” Sengupta explained.
There is only very limited protection which is available under the Information Technology Act, said Apar Gupta, executive director of Internet Freedom Foundation, a digital liberties organisation. “It remains ordinarily unenforceable, and it does not provide any credible remedy. It stands in contrast to other jurisdictions, specifically European countries, where, in fact, fines have been imposed on Facebook for integrating WhatsApp data - which were one of the conditions under which Facebook was permitted to purchase and operate WhatsApp by the Competition Commissions of certain European countries,” said Gupta.
India’s dearth of a data protection law also means that there is no relief that a user can get in case of a breach or misuse of data, as pointed out by Prasanth Sugathan, legal director of the digital rights organisation, SFLC.in.
“It virtually gives a 360-degree profile into a person's online activity. This level of insight into a person's private and personal activities is done without any government oversight at present or regulatory supervision,” said Gupta, adding that subtle forms of commercial exploitation, as well as micro-targeting by political campaigns are some of the possible outcomes of this.
Moreover, in the absence of a data protection authority, it leaves the users with a company’s own assurances and privacy policies, noted Gupta. “And if that company is...stating that it is now going to use your data and share it with the largest social network in the world, which is embedded on every second website and collect data from there as well, the integration of this data will essentially mean you're perpetually under the surveillance of the Facebook group of companies,” he cautioned.
When WhatsApp was launched back in 2009, it had made commitments that it will not sell user data to any third party. This changed after Facebook’s acquisition of the platform in 2014, and in 2017, it started sharing data with its parent company - but users were given a choice to not opt for this. Now, this has changed into a ‘take it or leave it’ policy.
Does this mean that users will now start opting for alternate messaging platforms?
Sengupta feels that 99.9 per cent of WhatsApp users in India will not care too much about this issue, what with privacy policies being generally difficult to be understood by the public.
However, among communities of people who have a higher degree of awareness about data protection and privacy, this shift is already perceptible, according to Gupta.
Signal, iMessage and Telegram are safer alternatives when it comes to messaging platforms, experts said.