Reading time : 8 minutes
- Requires consent of the users to share transaction data, mobile device information, IP address of the users and data on how they interact with businesses, and share this data with Facebook.
- It also allows WhatsApp and Facebook to share that information with 3rd party service providers also.
- Certain information which included are phone number our locational data and other login information.
The personal Data protection Bill, 2019
It was introduced in Parliament year 2019. The bill establishes the framework to protect people personal data from entities which collect and use the data soon after introduction the bill was referred to a joint Parliamentary Committee for further examination. The bill places certain obligation on Data Fiduciaries for those who collect and use Data. It gives certain rights to individuals or Data principles to protect their personal data. It establishes a data protection authority to regulate and oversee Data Fiduciaries. The Bill raises some issues to consider Should a Public Service Providers be exempt from asking for consent?
Under the Bill Data entities cannot collect or process Personal Data without an individual Consent. Personal Data is any piece of information that can be used to identify a person’s identity for example- Financial information such as Pan, Aadhaar Number.
Consent will not be required to collect and process Data in case of:
- Medical Emergencies
- Legal Proceedings or
- When the Government is providing services and benefits to the individuals.
If the Government is a soul provider of a benefit or a service such as driving license then the question of consent does not arise because individual any way cannot refuse consent but in case of health insurance where the Government can provide a service alongside private actors then this raises question why Should the public insurers be given a exemption from taking consent when the private insurance companies under the Bill are required too?
Under the Bill entities which process Personal Data are required to:
- Specify the purpose of Data Collection
- Ensure that the processed Data is complete and are not misleading, and
- Ensure that Data is only retained for the required period and not beyond.
They are exempted from this provision if they are processing Personal Data form
- For prevention, detention, investigation or prosecution of any offence.
- In such cases Data entities only have to ensure that the processing is done for a clear, specific and lawful purpose.
This implies that the Fiduciaries may collect more Data than required and retain for a period longer than necessary further, the individual will not have rights over their Data.
The Personal Data Protection bill was drafted by the Srikrishna committee in 2018. The Bill is influenced by the EU’s General Data Protection Regulation and was drafted in response to the Supreme Court’s mandate to the Indian Government recognizing Privacy as a fundamental right. The GDPR does not permit WhatsApp to share its data with Facebook or any third party company. Similarly, when converted into a law, PDP would grant extensive Data Protection Rights to Indian Citizens while imposing limitation on the collection processing of personal and sensitive data. (Money Control News , 2021)
Justice B.N Srikrishna Committee:
The 2018 expert Committee had argued that prevention, detention, investigation and prosecution for a violation of law are essential state functions. It recommended that these activities should be exempted from certain provisions of the bill. Such exemption should be proportionate to the interests being achieved.
According to the Bill individuals can make a complaint to a Data fiduciary if they act against the provision of the Bill, only if such violation has caused or likely to cause harm to them.
Under the Bill in the event of a Data breach the Data fiduciaries has discretion to decide whether the breach needs to be reported to the data protection authority. Under reporting of Data breaches is likely to protect market reputation.
Data Principal Rights
- Confirmation and access (section 17)
- Correction and erasure (section 18)
- Data portability (section 19) (Reddy, 2021)
Concerns Related to Personal Data Protection Bill:
- It is like a two-sided sword. While it protects the Personal data of Indians by empowering them with data principle rights, on the other hand, it gives the central government with exemptions which are against the principles of processing personal data.
- The government can process even sensitive personal data when needed, without explicit permission from the data principals. (Data Protection in India, 2021)
Also read: History of right to privacy
Justice KS Puttaswamy V.UOI (2017-SC-9-Judge Bench)
The Supreme Court in KS Puttaswamy Judgement stated that Right to Privacy is a Fundamental Right in India.
Government can interfere in Right to Privacy of a person only when it is:
- There should be a Legitimate Aim.
- There should be Proportionality in which the Right is been taken.
- And in the way it is been taken there should be a Legality attached to it.
Case Summary and Outcome
A nine-judge bench of the Supreme Court of India held unanimously that the right to privacy was a constitutionally protected right in India, as well as being incidental to other freedoms guaranteed by the Indian Constitution. The case, brought by retired High Court Judge Puttaswamy, challenged the Government’s proposed scheme for a uniform biometrics-based identity card which would be mandatory for access to government services and benefits. The Government argued that the Constitution did not grant specific protection for the right to privacy. The Court reasoned that privacy is an incident of fundamental freedom or liberty guaranteed under Article 21 which provides that: “No person shall be deprived of his life or personal liberty except according to procedure established by law”. This is a landmark case which is likely to lead to constitutional challenges to a wide range of Indian legislation, for example legislation criminalising same-sex relationships as well as bans on beef and alcohol consumption in many Indian States. Observers also expect the Indian Government to establish a data protection regime to protect the privacy of the individual. Further, the case is likely to be of wider significance as privacy campaigners use it to pursue the constitutional debate over privacy in other countries. (Puttaswamy v. India)
In February 2021 the Government of India came up with new set of regulation called The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
This rules talked about two kinds of platform OTT (Over the Top) platforms i.e. The application we use Netflix, Amazon Prime, Sony liv and so on and other social media platforms which is more than 50 lakhs subscribers or more than 5 million subscribers which includes WhatsApp, Instagram, Twitter and so on these was covered basic reason for covering these social media and OTT platforms was that there was a lot of hateful information / false information that was being circulated on these and due to this Government felt that there was a National Security issues that were created because of this Government brought certain sets of guidelines wherein every such organisation which is the OTT platforms or the social media platforms need to have a grievance officer; following National Laws; and Traceability Clause and that is the major cause of concern here it means that if the Government wants the social media platforms to reveal the name of persons who started the particular message and it became hateful or against the Government then it is the duty of the social media platforms to provide such names to the Government of India. This created a problem and the WhatsApp said that this is the violation of Fundamental Rights of people and violation of Human Rights.
On 25th May 2021 which was the last day of complying with This Particular Guidelines WhatsApp filed the case against the Government of India in the Delhi High Court. It stated that if Traceability Clause is a violation of WhasApp’s end-to-end encryption policy. It means all the messages we receive and send are only between sender and the receiver even WhatsApp cannot read those messages that is end-to-end encryption policy. WhatsApp argument is if we are compelled to share this information with the Government Authorities then its Violates our policy of end-to-end encryption and it also violates the Fundamental Rights of the citizens of India because Right to Privacy is a Fundamental Rights as per Case Puttaswamy Judgement. WhatsApp also stated that if these guidelines are implemented as it is with the Traceability Clause then there is certain innocent people who may be unnecessarily implicated which means they become a part of investigation unnecessarily even if they had spread the information out of concern just to tell people this is something wrong happening then also they may be the part of the investigation and they may have to go under a lots of hustle that is another concern here. WhatsApp released a memo on 25th May and made it clear that it has a separate department which works 24/7 assisting the Government Authorities if there is any information like National Security issues etc. WhatsApp has a department delegated to that particular thing in those circumstances WhatsApp can release otherwise it cannot release information whenever the Government want this is a violation of a Fundamental Rights.
WhatsApp will put policy on Hold till Data Protection Law Comes into Force
- Money control News. (2021, may). Retrieved from moneycontrol.com:
- Reddy, P.B. (2021, January). The Centre for internet& society. Retrieved from cis-india.org:
- Data Protection in India. (2021). Drishti IAS
- Puttaswamy v. India. (n.d.). Global freedom of Expression Columbia University.
- Garg, A. (2021, July). The Times of India. Retrieved from m.timesofindia.com:
- Giving more time to recent Update
New IT Rules- Keshav Malpani
- The personal Data Protection Bill 2019
 “Data protection in India”(2021)
 “Puttaswamy v. India” General Freedom of Expression Columbia University.
Author: SAMIKSHA, SHARDA UNIVERSITY
Editor: Kanishka Vaish, Senior Editor, LexLife India.