When Facebook bought WhatsApp in 2014, it pledged to protect its users’ privacy and stated that their privacy would not be violated under any circumstances. Any time Facebook was embroiled in a data privacy scandal, it vowed that users would have more control over their personal information. Until now, WhatsApp had always requested users’ permission before sharing their personal data with Facebook. 

On the other hand, the new strategy has disappointed users, who believe that Facebook has failed to live up to its data protection promises. The users say that they are being coerced to consent. 

If users do not adhere to the privacy policy, they will be forced to delete their accounts, which they have had for years. The policy’s “all or nothing” approach has caused consumers and the general public to be uncomfortable and dissatisfied.

Many WhatsApp users have switched to other instant messaging apps that provide adequate data protection. A week after WhatsApp revealed its new strategy, Signal and Telegram, two of WhatsApp’s rivals, saw increases of 17.8 and 15.7 million downloads, respectively. (Source: Lexlife) 

WhatsApp has stated that knowledge sharing would be restricted to information exchanged between business accounts and individuals. The users’ private and personal conversations will be kept confidential. This is being done in order for Facebook to have better services. According to the organization, the new strategy ensures “more openness and accountability in sharing the users’ data.”

Highlights of the information used by the WhatsApp:

WhatsApp uses information (subject to choices you make and applicable law) to operate, provide, improve, understand, customize, support, and market our Services. Here’s how:

Services: WhatsApp use information that has to operate and provide our Services, including providing customer support, completing purchases or transactions, improving, fixing, and customizing our Services, and connecting there Services with Facebook Company Products that you may use. WhatsApp also uses information to understand how people use our Services, evaluate and improve there Services, research, develop, and test new services and features, and further conduct troubleshooting activities. WhatsApp also uses your information to respond to you when you contact us.

Safety, Security, And Integrity: Safety, security and integrity are an integral part of our Services. WhatsApp also use information to verify accounts and activity, combat harmful conduct, protect users against bad experiences and spam, and promote safety, security and integrity on and off our Services, such as by investigating suspicious activity or violations of our Terms and policies, and to ensure our Services are being used legally. Please see the Law, Our Rights and Protection section below for more information.

Communications about Services and Facebook Companies: WhatsApp uses information that has to communicate with you about there Services and let you know about there terms, policies, and other essential updates. WhatsApp may provide you marketing for our Services and those of the Facebook Companies.

No Third-Party Banner Ads: WhatsApp still does not allow third-party banner ads on there Services. WhatsApp has no intention to introduce them, but WhatsApp will update this Privacy Policy if WhatsApp ever does.

Business Interactions: WhatsApp will enable us and third parties, like businesses, to communicate and interact with each other using our services, such as Catalogs for businesses on WhatsApp through which you can browse products and services and place orders. Businesses may send you transactions, appointments, shipping notifications; product and service updates; and marketing. For example, you may receive flight status information for upcoming travel, a receipt for something you purchased, or a notification when a delivery is made. Messages you receive from a business could include an offer for something that might interest you. WhatsApp does not want you to have a spammy experience; as with all of your messages, you can manage these communications, and WhatsApp will honour the choices you make.

If everything is that good, why is the move being questioned?

  • The public has heavily criticized the policy for two significant reasons:
  • Users’ consent is not needed for the sharing of their personal data or metadata.

WhatsApp will be able to perform two data mining experiments as a result of the new policy: communications between business accounts and individuals collecting metadata.

The revised policy explains how user data is exchanged with Facebook, companies on the site, and other third-party providers in greater detail. WhatsApp’s privacy FAQs state that it will share the following information with Facebook companies:

Data about how to create an account (such as phone numbers) Knowledge about the service If users use WhatsApp Pay, transaction data is collected.

The strategy has become even more contentious as a result of the latter part. Metadata has the ability to expose extremely confidential details about people, according to experts. To begin, it’s critical to comprehend what metadata is. In plain English, it means “data about data“. 

Contact information, the user’s location, financial information, and other data are among the metadata collected by WhatsApp. This metadata is then used to create a complete profile of that person. Facebook will then use this information to target users with business ads that are relevant to their profile. Users no longer have the option to agree to such metadata sharing under the new regulation.

A background about Data Privacy Laws in India:

India is yet to implement clear data security regulations. The Indian legislature, on the other hand, amended the Information Technology Act (2000) (“IT Act“) to incorporate Sections 43A and 72A, which have a right to reimbursement for unauthorized disclosure of personal information. 

Under Section 43A of the IT Act, the Indian central government released the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “Rules“). On August 24, 2011, the above Rules (the “Clarification“) was released.

The Rules place additional conditions on Indian commercial and business organizations relating to collecting and disclosing confidential personal data or information, which are similar to the GDPR and the Data Protection Directive.

There is no national regulatory body for the safety of personal data in India.

The Ministry of Electronics and Information Technology (the “Ministry“) is in charge of enforcing the IT Act as well as issuing regulations and other clarifications. Enforcing the IT Act is the responsibility of the authorities constituted under the IT Act, namely the adjudicating officer and cyber appeal tribunal, and then the various High Courts and the Supreme Court. 


India has taken a strong stand against the updated privacy policy of WhatsApp. 

The Centre told the Delhi High Court on May 17, 2021, that it considers WhatsApp’s latest privacy policy to be a breach of Indian information technology (IT) law and regulations and that it wants the social media site to clarify if it agrees. 

Although WhatsApp’s revised privacy policy took effect on May 15, 2021, the company informed the court that it would not begin removing accounts of users who had not approved it and would instead try to persuade them to do so.

The Centre had previously stated that WhatsApp was treating Indian users differently than European users when it came to opting out of its latest privacy policy, which was a source of concern for the government, which it was investigating. Whatsapp has been sued in court for exploiting its market supremacy, with the Union government claiming that the policy breaches the Information Technology Act’s laws. WhatsApp has failed.

Senior advocate Kapil Sibal, for WhatsApp, told a bench of chief justice DN Patel and justice Jyoti Singh that, contrary to rumours, the company is not deferring its update on the privacy policy, which went into effect on May 15, 2021. He stated that the accounts would not be deleted immediately but rather persuaded people to join. However, if users are not persuaded, their accounts will be gradually deleted, he said. 

The Union government has written to Facebook CEO Mark Zuckerberg about the issue and is awaiting a response, so there was a need to preserve the status quo in policy implementation.

In response to the argument, WhatsApp said it was adhering to Indian IT laws and regulations. Its policy took effect on May 15, 2021, but that it would not be deleting accounts immediately.

The current controversy also demonstrates how important it is now, more than ever, for India to pass data protection legislation. In the midst of a pandemic, where any interaction is being digitalized, massive amounts of personal data are being collected and stored on individuals. Consumers in India who use electronic channels are vulnerable to any data breach due to a lack of legislation.

Disclaimer: The present article intends to provide general guidance on the subject, and you can also consult us in your specific case.