Explained: Privacy Policy of WhatsApp

Reading time : 8 minutes


In the recent times, the importance of data protection has taken a front row stand.  In 2017, The Supreme Court held that right to privacy is a fundamental right guaranteed under Article 21, in the landmark Justice Puttaswamy case. [WP (c) 494.2012]. However, with our ever increasing dependency on technology, it is important that new laws and regulations be formed to protect a consumer from private data exploitation.

In 2009, Jan Koum and Brain Action, created a technological platform for instant messaging that could be accessed by a consumer free of cost. It gained international recognition and now, WhatsApp, has become a cheaper and more popular alternative to SMS; being available in 180 countries and having over 340 million users. 

Through WhatsApp, a user can share messages, videos, pictures, voice notes and even important documents with the person of his/her choice.  Most of such informative may be confidential or private to the user and hence, it is important that such data be protected.

On 4th January 2021, however, WhatsApp issued its updated privacy policy, which created massive uproar amongst its users. The updated policy states that Facebook and other parents companies will be able to access the data of the user and furthermore, it states that if a user objects to or refuses to accept these new terms, that user can no longer access WhatsApp.

Background of the Issue & Stand of the Constiution

The updated policy of WhatsApp contradicts the Right to Privacy safeguarded under Article 21 in Part III of the Constitution of India. It was held in the Puttuswamy case that that right to Informational privacy falls within the ambit of Article 21 and each individual has the right to exercise control over his presence on the internet and data thereof. It was further held that, even where data was being extracted, it could only be done when it was 1) in public interest 2) done by a competent legislature 3) ONLY upto the required extent.

Facebook, is the parent company of many flourishing social media sites such as Instagram and Twitter and with WhatsApp coming under the control of Facebook, the same will be able to monopolize date within itself.  Facebook in the recent times has acquired a notorious name for itself. In 2019, Facebook was held guilty of Federal Trade Commission and charged with damages of $5 Billion. Facebook had, in 2018 sold data of consumers to a political campaign agency based out of Britain called Cambridge Analytica, who in turn used this data to profile individuals and create target political strategies.

India is the leading country of WhatsApp users and any data breach or piracy will directly influence India as a country. Moreover, a user is not given the option to choose whether he/she would want to share his/ her date with Facebook, the user is bound to. Adding to that, Facebook is a multinational corporation with data centers across all borders. The difference between localization of data by local businesses and multinational corporations should be realized. While data stored by local businesses will be subject to local laws and local authorities, data stored across borders will be subject to irregular laws. Furthermore, the updated privacy policy has not been created under the prudent watch of the government and hence the sanctity of it cannot be relied upon.

Another pressing issue is, that while India has the majority number of WhatsApp consumers, preferential treatment was given to the European Union and different privacy policies have been created for India and Europe.

In a petition filed by Advocate Chaitanya Rohila before the Delhi High Court argued that, the updated WhatsApp policy gave the company a 360 degree view into the lives of the user further arguing that WhatsApp does not have any authority to use the data of the customers to facilitate its own private agendas. The petitioner further stated that India being a signatory to the International Covenant on Civil and Political Rights (ICCPR) is duty bound to take actions to prevent information concerning person’s private lives does not fall into the hands of an unauthorized entity. Lastly, it was vehemently emphasized that the Data Protection Bill, which was introduced in 2018 would be able to successfully combat most of the issues surrounding the WhatsApp Privacy policy.

Union Government’s take

section 79 (2) (c) of the Information Technology Act read with section 87 (2) (zg) of the same act shows that the Centre has the power and authority to stop WhatsApp from sharing user data with third-party companies. On 19th January 2021, after the release of the updated privacy policy, The Ministry of Electronics and Information Technology labelled it unilateral and unfair and asked for its instant withdrawal with further demanding a list of 9 questions be answered.

The questionnaire asked questions regarding:

  1. The exact kind of data that was being collected from the Indian users
  2. Details of permissions and consents
  3. Utility of various service providers
  4. The reason for collection of ‘vast amount og highly invasive and granular metadata   &
  5. The distinctions between the WhatsApp privacy policy in India and other countries.

WhatsApp is still to reply to this questionnaire.

What does whatsApp say?

WhatsApp has held that personal messages sent via the App will not be accessible as they are end-to-end encrypted and nothing has changed in the security protocol. It (WhatsApp) has further clarified that the updated privacy policy applies only to the business feature available on the app and will provide further transparency on how data is collected.

It has further clarified that users will have the option to download and delete their data and third party corporations (or WhatsApp) will not have access to contacts, location, groups or calls.

WhatsApp has emphasized on the difference between a business using WhatsApp and personal messages. It has clarified that the privacy policy is to expand and be able to provide a stable platform for business to interact with their clients. WhatsApp has claimed to be providing secure hosting services from Facebook to manage WhatsApp chats with clients etc.

WhatsApp has further claimed to reduce contact time between business and client by letting a client WhatsApp message a business, of which the user saw an Ad on Facebook. WhatsApp has also added a payment feature which promises to increase convenience for user satisfaction.

Critical Analysis

It cannot be ignored that most privacy policies are made for personal gain and all such policies are unregulated. The Constitution under Article 21 protects a right to a person’s life and liberty which includes the right to privacy of a person, and as held in the Puttaswamy case, in India data can only be collected for public interest by authorized legislature and if data is collected arbitrarily, the Supreme Court is authorized to put a hold on this.

In view of this, it is important that updated privacy policy of WhatsApp should not be readily accepted and questioned tenaciously as:

  1. The collection of data is arbitrary and hence ultravires to the Constitution.
  2. Collection points being scattered across borders makes it extremely hard to claim damages in case of breach.
  3. There are no solid data protection laws in India.
  4. Differential policy treatment between India and other countries gives rise to suspicion.
  5. User does not have an option to object.

However, when the coin is flipped and the other side is considered, the creation of a link between WhatsApp and Facebook would inevitability transform business services and create a more convenient and user friendly mode of business communication.


Collection and trading of user data has gained significant boost due to development of new technologies like artificial intelligence, which help recreate the thinking of a human brain. Social media platforms have always been a place where individuals have freely been able to vocalize their option about different subjects such as politics, the Government, art, literature, personal likes and dislikes, sports, etc., which has saturated social media platforms with user data. One may think of this to be innocent data, however, when this data is collected over a period of time; it gives us an insight into the life of that person and may help profile individuals. Users, however, have the right over their data and have the right to protect themselves from corporations or the government from using this data without their permission for personal gains. WhatsApp, being an instant messaging app, in my opinion requires a ridged privacy policy, favoring the user because, confidential and private data is exchanged on this platform, which can be misused if pirated.

Author: Fareedunnisa Huma

Editor: Kanishka Vaish, Editor, LexLife India.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s