WhatsApp’s tactical retreat

Synopsis –Need of Personal Data Protection law to safeguard citizens’ right to privacy.

Introduction –

• Last year, WhatsApp announced its controversial terms and privacy policy. It required users to accept the terms in order to continue using the platform’s services.
• However, after a long conflict, the company recently notified the Delhi High Court that it would not implement its amended privacy policy until the Personal Data Protection Bill took effect.
• However, The Personal Data Protection Bill has been pending for more than 3 years and the absence of the legislation causes huge concern.

What was WhatsApp new Terms of Service [ToS] –

The Businesses to operate easily – WhatsApp claims that the new privacy policy was required because it needs to share some information with Facebook in order to develop e-commerce capabilities in the app.

Under the new conditions, corporate accounts will be able to exchange private, personal data and information from those who engage with them.

Concerns related to Whatsapp new TOS-

• Violates the right to privacy – The revised ToS violates the right to privacy provided by the Constitution, as well as a 2016 pledge by WhatsApp to provide users with an opt-out from data sharing.
  • It will share users’ personal information and data with Facebook, primarily to boost ad-related income sources.
• Sharing of Metadata – WhatsApp may share one’s metadata, which is effectively anything other than the conversation’s actual content.
  • This means, the new policy virtually gives a 360-degree profile into a person’s online activity.
  • At the moment, there is no government control or regulatory supervision of this level of visibility into a person’s private and personal actions.

Effect of WhatsApp’s new ToS in other countries-

• In EU- This ToS is not applicable to EU users since it breaches the GDPR (General Data Protection Regulation), the World’s most advanced and comprehensive data privacy law.
• In US- This ToS cannot be applied as it violates privacy and data protection laws.

Steps taken by India in order to formulate legislation-

• In 2017, the union government formed the committee [led by retired Supreme Court Judge Justice BN Srikrishna] to deliberate on a data protection framework.
• In July 2018, the committee proposed a Personal Data Protection Bill with multiple protection levels and consent required before each step of data collection and processing. However, that proposal was never presented to Parliament.
• In Dec 2019, the redrafted version presented in parliament, which was criticized as Orwellian due to broad monitoring and data-gathering powers granted to government agencies. That draft bill has not been passed into law, and no Bill has been presented since 2019.

Way forward-

Legislation on data protection should be formulated which safeguards the rights provided to the Citizens, protect individual privacy, ensure autonomy, allow data flow for a growing data ecosystem.