WhatsApp’s updated privacy policy essentially takes away users’ choice of not sharing their data with other Facebook-owned and third-party apps. If users do not agree with the updated privacy policy of the messaging platform, they will have to quit WhatsApp by February 8 — when the new terms of service are set to come into effect. The 400 million WhatsApp users in India are faced with an unenviable choice: to either put their data at risk by agreeing to the new norms or opt out of WhatsApp and suffer social and economic exclusion, given the network hegemony and market dominance of the social media behemoth. WhatsApp’s move comes amidst a disturbing backdrop: millions of Facebook’s Indian users are still in the dark about how their data was misused in the data breach scandal by Cambridge Analytica in 2018. There is no clarity about the impact on Indian journalists and human rights activists who were among some 1,400 WhatsApp users globally spied upon using a surveillance technology developed by Israel-based NSO Group.
Even as Facebook's credibility to protect user data is waning, the Indian Government’s response to concerns around data privacy has been underwhelming. In 2018, after Facebook disclosed the data breach by Cambridge Analytica, it was forced to pay $5 billion by the US Federal Trade Commission for deceiving American users. In India, the Ministry of Electronics and Information Technology issued a strong statement promising stringent action, including summoning Facebook founder Mark Zuckerberg. Three years later, not even a token fine has been imposed, although data of Indian users were compromised.
Indian lawmakers must put in place a strong data protection law at the earliest. An expert committee chaired by retired Justice BN Srikrishna had submitted its recommendations for drafting The Personal Data Protection Bill in 2018. Three years on, the proposed law is stuck in Parliamentary wrangles, even as the Supreme Court in 2017 declared privacy a fundamental right. In contrast, Europe put in place the General Data Protection Regulation in 2016, as a result of which there is constant scrutiny over how Internet companies treat user data. WhatsApp’s latest updated privacy policy guidelines won’t be applicable for an individual residing in Europe. Both US and EU have initiated a number of anti-trust lawsuits against Facebook and Google. Google has been fined a combined $9.5 billion since 2017 by EU antitrust regulators. The Federal Trade Commission and 46 state attorneys general have initiated an anti-trust suit against Facebook calling for separating Instagram and WhatsApp from the parent firm. Tech firms offer their products and services for free, collecting customer data and selling them to advertisers. Platforms which have been accused of not doing enough to protect users’ data, and generate billions in profit in the bargain, cannot be trusted to do their own policing. The Centre should place checks on WhatsApp and enact a robust data protection law.