The WhatsApp dispute is not just about one Chatapp. The issues raised impact every single digital platform resorting to “click-wrap” agreements, which refer to the standard form contracts we accept in every digital platform by clicking “I Agree” or its equivalent.

“By clicking I accept, you agree to be bound by the terms”. Innocuous. Standard. What if that click resulted in you signing away your first born? Or to continuous surveillance by law enforcement? That is exactly what nearly two-thirds of subjects participating in a University of Connecticut experiment in 2016 signed off on, to use a fictitious social media platform “Name Drop”.

With increased reliance on digital platforms, ensuring equitable terms even when they are non-negotiated, is an imperative and not merely an indulgence. With millions of users opting for one platform, there is monopolistic practice and hence users require protection against abuse thereof.

Users cannot be placed in the unenviable predicament of Buridan’s ass qua their privacy on one hand and communication or necessity on the other.

Choice matters

Be it a free service or a paid subscription, terms of contract can be enforced only when they are fair and equitable. This is the crux of the WhatsApp fracas. It is irrelevant if users have the choice to exit. What matters is the choice given to users to USE a service on equitable terms.

The WhatsApp case will, therefore, not only decide this issue for one company but for all click-wraps qua Indian users. It will also guide commercial entities in formulating their policies without infringing rights. Courts are best positioned to intervene and protect user interests at this juncture. “Balance of convenience” that decides injunctive reliefs lies clearly in favour of protecting user interests now, as any intervention after data is shared will be pyrrhic.

The opportunity to evolve jurisprudence on click-wraps, especially with respect to modifications of “privacy policies”, arose before the Delhi High Court in the Karmanya Singh Sareen v. Union of India public interest litigation (PIL) in 2016. Unfortunately that opportunity was missed.

Now this case is before the Supreme Court and another PIL before the Delhi High Court contesting the 2021 modification of privacy policy terms by WhatsApp. Indian courts indeed are therefore best positioned to protect user rights immediately through injunctive reliefs.

Even prior to 2017, US courts decided many such cases to refuse enforcement of unconscionable or oppressive terms that may be imposed in click-wrap agreements, as I have covered in my book Technology Laws Decoded . These decisions have persuasive value for Indian courts to rely on if so required.

With the Competition Commission having ordered investigation into possible abuse of dominant position by WhatsApp and Facebook, the issue of abuse of dominant position or monopolistic practices harming users has been flagged. This will play a material role in deciding the legality and conscionability of WhatsApp’s move to modify privacy policy after inviting millions of users to its platform on the basis of privacy assurances.

India was in an enviable position to protect user interests in a timely manner either through legislative action of passing the Personal Data Protection (PDP) legislation or through effective additions to the Intermediary Guidelines that were notified in February 2021. Neither happened. PDP laws still remain a distant dream and the Intermediary Guidelines did not address unilateral changes to privacy terms.

The Government has however taken a strong stance before the Delhi High Court and followed it up with a letter to WhatsApp to recall its privacy policy changes for Indian users on the grounds of violation of existing laws.

India is not devoid of personal data protection laws. Though minimalist, Sections 43A and 72A of the Information Technology Act, 2000 (as amended) and Rules Framed thereunder provide some succour to Indian users. The Rules framed under Section 43A of the IT Act draws on data principles including consent and purpose limitation from the then prevalent EU Data Directives of 1995 (the predecessor to the General Data Protection Regulations of 2016 , which became effective from May 2018) and that of UK.

These read with the Intermediary Guidelines provide the ammunition to the Government to seek action against WhatsApp if its letter is not acceded to. The sustainability or otherwise will be decided by judicial review.

WhatsApp’s defence

WhatsApp has been resorting to generic statements about the sanctity of user data referencing its “end to end encryption”, which appears to be a diversionary tactic. The primary concern of users that remains unaddressed and couched in ambiguity is of the extent of data being collected by WhatsApp and that which is being shared with Facebook or associated companies.

WhatsApp would have to provide transparency on this not just for its 2021 terms but prior thereto. Courts again are best positioned to seek this transparency and ought to do so in the interest of true privacy protection.

In addition, WhatsApp will also have to address the differential treatment argument — that is, allowing opt-out to the EU but not for India. Here again the Government’s intervention becomes crucial, as it in effect appears to claim equal legal status and not just equitable intervention.

In all, the WhatsApp fracas is a boon in disguise. It has helped users become more aware and to question corporate actions in the name of their convenience. It has also given the opportunity for law and precedent to evolve and hopefully such process would result in better protection of users’ fundamental right to privacy.

The writer is an Advocate, Supreme Court of India, and Founder – Cyber Saathi