WhatsApp’s privacy policy changes violate consumer rights

| Updated on May 25, 2021

The government's response to such indiscretions by tech giants has been inadequate

Now that WhatsApp has clearly indicated in its response to the Centre’s missive last week that it cannot roll back changes to its privacy policy, the latter has no option but to act. The absence of a personal data protection law is a huge handicap in this context but the existing laws, specifically Sections 43A and 72A of the Information Technology Act, 2000, read along with rules framed thereunder, offer scope for the government to act against WhatsApp. Such a course of action may take the battle to the courts but that may not be a bad option as the courts seem best positioned now to offer relief to users and help the law evolve. There is already a PIL being heard in the Delhi High Court on this issue. The basic problem with WhatsApp’s move is that it fails to provide a guarantee against non-disclosure to third parties or allow users to withdraw consent later. . These rules are not only a breach of privacy but also a breach of trust because it allows WhatsApp to share metadata of individual users with Facebook; data of over 400 million users in India is at risk. The choice of quitting the platform (an argument trotted out by those averse to government intervention) cannot be easily exercised, owing to the ‘network effect’ or market dominance of WhatsApp. The messaging platform’s overreach assumes serious dimensions, given its forays into fintech and its use by banks and companies in communication with customers.

That said, the Government's response to such indiscretions by tech giants has been inadequate. In 2018, the US Federal Trade Commission forced Facebook to cough up $5 billion in the Cambridge Analytica data breach case. In India, the government issued a strong statement promising stringent action, including summoning Facebook founder Mark Zuckerberg. Three years later not even a token fine has been imposed even though data of Indian users were also compromised. While the Information Technology Rules (2011) provides some teeth to the Centre to take action against such violations ex post, a strong data protection law would have been a pre-emptive deterrent. WhatsApp has rubbed this in in its response on Monday pointing out that its position will remain unchanged until a personal data protection law is passed. Unfortunately, the Personal Data Protection Bill has got stuck in Parliamentary procedures since 2018. In contrast, Europe has put in place the General Data Protection Regulation in 2016 because of which there is constant scrutiny over how Internet companies treat user data. It is thanks to this that WhatsApp was forced to offer the ‘opt-out’ option to subscribers in the EU.

From influencing consumer shopping behaviour to determining the political destiny of countries, Facebook and WhatsApp wield tremendous influence over daily life, commerce, and democracy. The Centre will have to wake up to this reality and quickly move on enacting the Personal Data Protection Bill.

Published on May 24, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like