CRITICAL INTERPRETATION OF WHATSAPP PRIVACY POLICY (2021)
INTRODUCTION
“Respect for the privacy of a User is programmed into WhatsApp’s DNA.” [1]
Updated privacy policy made by WhatsApp Messenger (owned by Facebook Inc.) on 04/01/2021, mainly snatches the choice that every User had to not share their data with other companies that are being owned by Facebook and/or any third-party applications. WhatsApp made sure that in the case where the User does not agree with the new privacy policy of it, then they have no other option but to leave WhatsApp Messenger as soon as the new terms and conditions of WhatsApp service come into reality.
WhatsApp claims that its end-to-end encryption will still be there for every communication between its Users. However, the above-mentioned fact only means that WhatsApp cannot see one’s messages and conversations, or can share them. With the updated privacy policy, WhatsApp has the option to share anyone’s metadata. Metadata basically contains everything beyond the actual text of the conversation.
The updated privacy policy is widely under controversy in that it virtually provides a 360* surveillance into the online activity of an individual. Such level of insight into an individual’s private and personal acts is been watched while Government cannot make any intervention for its oversight and cannot have regulatory supervision over it. If WhatsApp is claiming that they will now utilize their User’s metadata and can share it with the social network like Facebook which is considered to be the biggest Social media platform, the integration of such data will certainly mean that every User is now under permanent surveillance by the Facebook Companies and other as well.
In 2009, WhatsApp Messenger was launched while making a commitment that they will not sell their User’s data to anyone. Since Facebook Inc. has acquired WhatsApp in 2014, it was claimed that WhatsApp is initializing the policy of sharing of data with its parent company. At present, it becomes a strict “take it or leave it” policy.
UPDATES REGARDING WHATSAPP PRIVACY POLICY
a) WHATSAPP PRIVACY POLICY (2021)
On January 4th, 2021, WhatsApp reportedly has updated its new privacy policy and request its Users to either agree to the new policy or reject it and leave the application. The said update is regarding how businesses utilized the Facebook hosted services for the purpose of storing and managing their concern on WhatsApp. It further gives the idea of how WhatsApp is trying to integrate it with the Facebook Company. WhatsApp has published that the updated privacy policy can also give an impact on User interactions with business accounts.
WhatsApp’s privacy policy states that any information that it automatically gathers from the User will be shared with its parent Company. i.e., Facebook Inc. As far as privacy if chats in concerned, WhatsApp has stated that all User’s messages are being end-to-end encrypted. Neither WhatsApp nor third parties can access such contents of the messages. Further, if User tries to delete his/her account from WhatsApp Messenger, it does not mean that his past data has been deleted from WhatsApp. Such data which is collected by WhatsApp can be effectively utilized by Facebook & its subsidiary Companies to develop their services.
b) WHATSAPP PRIVACY POLICY FREQUENTLY ASKED QUESTIONS [2]
On 15th January 2021, WhatsApp has published an update on its Frequently Asked Question page. Under it, it talks about the new updated privacy policy was mainly regards to the business management on WhatsApp.
Further, clarifications on the said page are in regards to the privacy of the chats between the Users. WhatsApp repeatedly reiterates that through end-to-end encryption, all the messages that are being sent on private individual or group chats, are in an encrypted form, which includes any shared locations by the User to anyone.
c) EXTENDING DEADLINE OF NEW PRIVACY POLICY
WhatsApp had requested its Users to either accept the new updated policy before 8th February. However, it has extended the timeline till 15th May. WhatsApp Company has stated that their Users did not understand their new policy and have some issues and confusion in regards to its clarity. WhatsApp has further confirmed that the User’s account will not be deleted on 8th February.
d) CASE STUDY: CHAITANYA ROHILLA V. UOI & ORS. [3]
EQUIVALENT CITATION: W.P. © 677/2021 and & CM APPL. 1638/2021
· Facts: Before the Hon’ble Delhi High Court, a petition has been filed which questions the validity of WhatsApp privacy policy (2021). The Petitioner states that such Privacy policy amounts to a total violation of every User’s right to Privacy and it virtually provides a 360* surveillance into the online activity of an individual.
· The Petitioner has requested a direction upon the Central Government that it shall exercise its powers as mentioned under Section 79 (2) © read with Section 87 (2) (zg) of the Information Technology Act, 2000 (hereinafter referred to as “IT Act”) and thus making sure that sharing of User’s data with Facebook and its companies or any third party cannot be done by WhatsApp for any purpose.
· Observed and Held: The Hon’ble Delhi High Court took cognizance of the matter and observed that WhatsApp is a private messaging application. If the User does not want to use it anymore then the User must not use it. However, the Hon’ble Delhi High Court held that the present petition shall be listed before another Bench.
INTERPRETATION OF WHATSAPP PRIVACY POLICY
a) WHAT DATA IS NOT SHARED WITH FACEBOOK
· As per WhatsApp updated Privacy Policy[4], WhatsApp and/ Facebook cannot have the option to watch the private chats of the User which includes any group chats or hear any calls among friends, family, and co-workers. Further, all the data are being protected via an end-to-end encryption process.
· WhatsApp doesn’t keep any transaction records of who the User messages or calls.
· WhatsApp can’t see the locations that are being shared by the User with anyone.
· WhatsApp doesn’t share the user’s contact records with Facebook or its associated applications.
· Lastly, the User has the option to further set their chats to disappear after the completion of seven days. The User can download their data to monitor or observe what kind of information is available to WhatsApp by going to WhatsApp Settings -> Account -> Request Account information. When the Account information is available to one’s device then one can download it.
b) WHAT DATA WILL WHATSAPP SHARE TO FACEBOOK?
· WhatsApp has publically stated that it will share the data in respect to how a User interacts with a particular business on its Application. Such conversations will be clearly labeled. Further, WhatsApp will provide the businesses with a clear option to utilize the hosting services of Facebook for the purpose of managing the WhatsApp messages with their customers. Such WhatsApp messages include information such as purchase receipts and the conversation between customer and business entity. Businesses may utilize such information to develop their own advertising and marketing on Facebook.
· If a User does shopping from a particular business within the Application while utilizing Facebook commerce features, then the information regarding their shopping activity will be utilized to send the personalized advertisements on the platforms such as Facebook and Instagram. WhatsApp further clarified that such features will be of optional nature and its Users will be clearly informed as to how sharing of their data is being done with Facebook within the app.
· Information that WhatsApp might share with Facebook:
Ø User’s mobile number and some of the basic information such as their name and Email ID.
Ø User activity, the duration of the usage of WhatsApp Messenger by the User, User’s profile picture, etc.
Ø Name of the device that User has while using WhatsApp Messenger, User’s mobile network, and IP address.
Ø Collects & utilizes real-time location relating information from the device of the User as soon as the User gives permission for the same.
c) DELETING ONE’S WHATSAPP ACCOUNT MIGHT NOT HELP SECURE THE DATA
If the User tries to delete his or her account on WhatsApp Messenger within the Application, then its data of the User might not be deleted. When the User deletes his or her account, it does not affect the information of the User relating to the WhatsApp groups like their copy of the chats that User sent them.
d) WHY FACEBOOK WANTS THE DATA?
WhatsApp states that it needs it to increase its revenue and offering. Further, Facebook has generated revenue of around twenty-one billion dollars (third quarter of 2020) came from advertisements, while WhatsApp has generated no revenue.[5] So, WhatsApp is planning to serve an increasing number of targeted advertisements to Facebook and Instagram Users.
e) WHATSAPP PAYMENT
If the User utilizes the WhatsApp payments services, WhatsApp requests supplementary information about the User such as payment account and transaction records for the purpose of completing the transaction. If the User utilizes the WhatsApp payment services available in India, its privacy practices are described in the appropriate payments privacy policy.”[6]
Further, the CAIT (Confederation of All India Traders) has written a note to the Union IT Ministry asking for banning Facebook and WhatsApp or their restrictions on implementing the updated privacy policy. Any personal information such as payment records, location, etc, would be stored by WhatsApp Messenger for any purpose. Around twenty crore Users in India utilize Facebook and if Facebook was permitted for accessing such data, it can really rise a serious threat to every Indian citizen. [7]
WHY IS EUROPE BEING TREATED DIFFERENTLY?
WhatsApp has a legal obligation not to share the User’s data with Facebook Company in Europe. The main reason behind it is that it is contravening the Sections of the GDPR (General Data Protection Regulation).
The said obligation was updated on the webpage of Europe’s WhatsApp Frequently Asked Question. WhatsApp Company further stated that the updated privacy policy did not require European Users to agree to the data sharing with Facebook for the purpose of continuing utilizing such service. So, what obliges WhatsApp Company to make exceptions to the Users of Europe and permits them to get away with a stricter privacy policy in India?
The GDPR in Europe is strict and vigorous legislation in regards to privacy and data of its citizens, unlike the legislation in India wherein the Personal Data Protection Bill (2019) (hereinafter referred to as “the PDP Bill (2019)”) has not been implemented as an Act.
In 2017, Facebook was fined 122 million dollars by the European Commission (an executive arm of the European Union). It was alleged that Facebook has misled the European citizens for taking over WhatsApp.[8] It was an outcome of an investigation where it was found that Facebook officials knew in the year 2014 that it could be possible to link WhatsApp mobile numbers with users’ identities of Facebook.
For consent to be valid to process personal data as per EU law, the GDPR needs the users to be precisely informed of each and every specific usage and given a free choice as to whether such data can be processed for such purpose, according to Article 6 of GDPR. [9]
INDIAN LEGISLATION REGARDING WHATSAPP PRIVACY POLICY
Section 5 of the PDP Bill (2019), which has been introduced by the Parliament, did come out from Srikrishna Committee Report, which enumerates that an individual can only utilize the information for purposes that are reasonably connected to the purpose for which such information was provided. If such a Section was implemented as legislation today then such updated privacy policy of WhatsApp would have been void.
For instance, an individual is a User who has signed up to WhatsApp Messaging Services for the sole purpose to interact with his or her friends and family. So, such an individual is providing his or her data for this purpose, while WhatsApp is utilizing such data and sharing it with entities to run their own businesses. This is the core issue in the said privacy policy that the purpose that WhatsApp is utilizing the data is not reasonably linked to the purpose for which the user is providing such data to WhatsApp.
Section 43A of the IT Act gives a legal obligation on businesses to have a reasonable security practice for protecting the personal data of the User and for adopting a precise privacy policy in such regard.
SIGNAL V/S. TELEGRAM V/S. WHATSAPP
a) CHAT BACKUPS
· TELEGRAM: Telegram is based on cloud backup on their Servers by default. However, Secret Chats cannot be backed up.
· SIGNAL: In Signal, local backups can be enabled but is off by default.
· WHATSAPP: In WhatsApp, third party clouds are used for Backups. Backups are not been encrypted.
b) END-TO-END ENCRYPTED CHATS
· TELEGRAM: Telegram does not use the End-to-End Encryption process to encrypt or decrypt the Chats between the Users. However, the process of encryption is done from User — Server and then Server — User (not between the Users). So, the Server has the required keys in order to decrypt the chats between them.
· SIGNAL: Wholly End to End Encryption process is been there in Signal. Also, the User’s metadata is been encrypted.
· WHATSAPP: Chat has End to End Encryption between User to User in WhatsApp. However, as per the recent Privacy policy of WhatsApp, the metadata like Global Positioning System, mobile number, Percentage of Battery, IP Address, the opening of Applications via WhatsApp Messenger, etc, are not been encrypted.
c) SCREEN SECURITY
· TELEGRAM: Enabled only if the Secret chat option is turned on.
· SIGNAL: Enabled by default.
WHATSAPP: No such feature.
CONCLUSION AND SUGGESTIONS
In conclusion, it is quite evident that WhatsApp is integrating with its parent Company i.e., Facebook Inc. so that all the three major social networking platforms (i.e., Facebook, WhatsApp, and Instagram) shall form a part of a single package. And it can be safe to say that majority of the Users in India will not give much heed to such privacy issues due to the reason that the said privacy policy is difficult to be understood within the public at large.
WhatsApp will not be considered as a secure and safe messenger application as such data that will be collected by the Company will not be under Governmental Control.” The reason is reiterated again that there consist of no specific legislation at present in India, while the PDP Bill (2019) has not implemented as an Act and no Governmental control over the implementation of such privacy policy by WhatsApp.
SUGGESTIONS
1) PURPOSE TO PROCESS DATA BY WHATSAPP: The core issue in the said privacy policy that the purpose that WhatsApp is utilizing the data is not reasonably linked to the purpose for which the user is providing such data to WhatsApp. The purpose of giving the data shall be linked with the purpose of utilizing such data.
2) REGULATORY BODIES: The Central Government should either form a Regulatory body in order to guide customers or should pass the PDP Bill (2019) as an Act as there is news regarding the possibility of such a Bill becoming an Act in the year 2021. Consumers nowadays usually do not have the time or knowledge to understand such complex privacy policies made by WhatsApp.
3) BURDEN OF PROOF ON PRIVACY: The burden of proof on privacy should be upon the shoulders of service providers (i.e., Business Entities) rather than Consumers. Businesses should be acting as the data fiduciaries and should act in accordance with the interest of the User rather than aiming for increasing the profits.
4) BETTER APPLICATION TO USE: Unlike WhatsApp, Signal has an option to write a “note to self” instead of forming a group of Users for sending notes to oneself. Users can also use the feature of “note to self” while interacting on other Signal groups. Further, Signal Application permits the Users for relaying their voice calls to Application Servers for the purpose of concealing their identity from their contacts. Lastly, Signal utilizes lesser data of the User while comparing it with WhatsApp.
REFERENCES
1) After backlash, WhatsApp clarifies its new privacy policy. (2021) (Retrieved 15 January 2021, from https://economictimes.indiatimes.com/tech/technology/after-facing-backlash-WhatsApp-clarifies-its-new-privacy-policy/articleshow/80226028.cms#:~:text=WhatsApp%20said%20it%20cannot%20see,share%20users'%20contacts%20with%20Facebook)
2) Art. 6 GDPR — Lawfulness of processing | General Data Protection Regulation (GDPR). (2021). Retrieved 18 January 2021, from https://gdpr-info.eu/art-6-gdpr/
3) Balbuzanova, V. “Don’t Kill the Messenger: How the New Technologies Used by Internet-Based Communications Providers are Gutting Compelled Disclosure Laws” (2020), Journal of Law & Cyber Warfare, 8(1), 121–152, Don’t Kill the Messenger on JSTOR. (2021) (Retrieved 17 January 2021, from
4) FE Online “Trouble mounts for WhatsApp as India starts ‘evaluating’ controversial new privacy policy update” (2021) (Retrieved 15 January 2021, from
5) Frier, S. “Facebook Posts Sales Jump on Ad Revival, Sees Uncertainty” (2021) (Retrieved 18 January 2021, from
6) Kharpal, A. “Facebook fined $122 million by EU for giving ‘misleading information’ about its takeover of WhatsApp” (2017) CNBC (Retrieved 15 January 2021, from
https://www.cnbc.com/2017/05/18/facebook-fine-eu-whatsapp-takeover.html)
7) Loas, N. “TechCrunch is now a part of Verizon Media” (2021) (Retrieved 15 January 2021, from https://techcrunch.com/2021/01/14/confusion-over-WhatsApps-new-tcs-triggers-privacy-warning-from-italy/)
8) Rajan, N. “Explained: Why WhatsApp is giving users more time to accept its privacy policy” (2021) (Retrieved 17 January 2021, from https://indianexpress.com/article/explained/WhatsApp-privacy-policy-explained-7149191/)
9) Ricle, J. “What is Secret Chat in Telegram and How to use it?” (2019), Telegram Adviser (Retrieved 19 January 2021, from https://www.telegramadviser.com/what-is-telegram-secret-chat/
10) Singh, A. “[WhatsApp Privacy Policy] If you feel WhatsApp will compromise data, delete it: Delhi High Court” (2021), Bar and Bench (Retrieved 18 January 2021, from
11) Singh, N. “WhatsApp’s Double Standards On Privacy Policy For India, Europe Raise Eyebrows” (2021), The Logical Indian, (Retrieved 17 January 2021, from
https://thelogicalindian.com/trending/WhatsApp-data-sharing-india-europe-26128)
12) Singh, S., & Blase, M. “Protecting the Vote: How Internet Platforms Are Addressing Election and Voter Suppression-Related Misinformation and Disinformation” (2020), New America (pp. 44–45) (Retrieved 17 January 2021, from
13) WhatsApp FAQ — Answering your questions about WhatsApp’s Privacy Policy. (2021). Retrieved 15 January 2021, from https://faq.WhatsApp.com/general/security-and-privacy/answering-your-questions-about-WhatsApps-privacy-policy/?lang=fb
14) WhatsApp Privacy Policy (2020). (Retrieved 17 January 2021, fromhttps://www.WhatsApp.com/legal/privacy-policy/?lang=en)