WhatsApp Privacy policy Issue and Data protection in India

ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 18th June. Click Here for more information.


The recent WhatsApp privacy policy attracted widespread criticism among various sections of society for its latest privacy policy. Due to severe protests, WhatsApp has issued clarification related to its policy. But there is a wider concern about data protection in India.

Click here to read about the new Whatsapp privacy policy

What is the clarification WhatsApp has issued?

In its latest clarification, WhatsApp is trying to differentiate between “messages with friends or family” and “messages with a business”.

Whatsapp says that the latest changes only affect the “messages with a business”. Policy regarding “messages with friends or family” will remain the same.

In its clarification WhatsApp has issued the following statements:

    • Personal messages are protected by end-to-end encryption and neither accessed nor heard by WhatsApp or Facebook.
    • No log of personal messages or calls has been maintained due to “privacy and security risk”.
    • Location shared by users are also protected by end-to-end encryption and cannot be seen by WhatsApp or Facebook.
    • Any user’s contact is not shared with Facebook or any other App.
    • All the communications within WhatsApp groups are end-to-end encrypted and are not shared with Facebook for Ads.
How business messages are different?
    • Businesses on Facebook will be able to create Facebook shops to create an online store and interact with the users through WhatsApp.
    • WhatsApp will soon offer businesses with Facebook’s hosting services to manage their communication with users.
    • On these hosting services, Businesses will soon be provided with the facilities to manage WhatsApp chats with their customers, answer questions and send information like purchase receipts.
    • Businesses will be allowed to use the above information for their marketing, including ads on Facebook.
    • However, Businesses using Facebook’s hosting services will be labelled, to make the user aware of what follows.
    • If the users are interacting with the businesses on WhatsApp for shopping or other purposes, their shopping activities will be shared with Facebook to personalise their experience on the related ads on Facebook and Instagram.
What is the Privacy Policy in EU?
    • Privacy policies of different countries put different types of restrictions on businesses. EU’s General Data Protection Regulation (GDPR) provides much more control to the users on their personal information shared on the online platforms.
    • While in the EU also, WhatsApp privacy policy talks about sharing information with Facebook, but users have an additional right “Managing and Retaining Your Information”.
    • As per WhatsApp’s own policy for EU, Users there can access, rectify, port, and erase their information.
    • They can not only restrict or object to a certain type of information used by the platform but also can withdraw their consent to WhatsApp for processing of data.
How data is protected in India?   

In Puttaswamy v India (2017) case, privacy was established as a fundamental right. In other cases, MP Sharma v. Satish Chandra (1954) and Kharak Singh v. Uttar Pradesh (1962), as well, Privacy rights were upheld by SC.

As India has not implemented the Personal Data Protection Bill, there is no control over how user data will be processed by tech companies.

Click here to read about the challenges of Personal Data Protection Bill.

Apart from this IT Act 2000, and its amendment in 2008 deal with data protection to some extent.

    • Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011 issued under the Information Technology Act, 2000, provides a measure of legal protection of personal information
    • Breach of data privacy is punishable under Section 72-A of the IT Act. The Act Penalises the offender for three year imprisonment or a maximum fine of Rs 5 lakh.
    • But this provision is only applicable to corporate entities not to individuals.
    • Rules are restricted to sensitive personal data — medical history, biometric information, and sexual history, among other things.
Way forward:

Justice BN Srikrishna committee report talks about three approaches to data protection and a draft data protection bill.

    1. The US model of laissez-faire approach: The USA does not have an overarching data protection framework.
    2. European Model of GDPR: Provides control of personal data in the hands of the data generators (Users)
    3. China’s model of protecting National interests: China created a national law in 2017 which contains top-level principles for handling personal data.

Though WhatsApp’s privacy policy is relaxed to some extent it is not perfect. This might be the first of many such privacy guidelines by the companies operating in India. The solution lies in the faster enactment of the Personal Data Protection Bill and the successful implementation of the Act. It is high time the government should enact the same.



Print Friendly and PDF