Print Friendly, PDF & Email

Why the Centre moved court over WhatsApp’s new privacy policy?

Topics Covered: Cyber security related issues.

Why the Centre moved court over WhatsApp’s new privacy policy?


Context:

The Ministry of Electronics and Information Technology has asked the Delhi High Court to step in and restrain WhatsApp from rolling out its new privacy policy.

Why does the IT Ministry want the high court to restrain WhatsApp?

Supreme Court judgments had placed a responsibility upon the Centre to come out with a “regime on data protection and privacy”, which would “limit the ability of entities” such as WhatsApp to issue “privacy policies which do not align with appropriate standards of security and data protection”.  Therefore, WhatsApp must be stopped from rolling out the services.

The IT Ministry has listed major violations of the current IT rules that the new privacy policy of WhatsApp, if rolled out, could entail. They are:

  1. WhatsApp failed to specify the type of sensitive data being collected by it.
  2. WhatsApp has failed to provide the user an option to review or amend the users’ information being collected by it.
  3. The policy fails to provide users an option to withdraw consent on data sharing retrospectively.
  4. It also fails to guarantee non-disclosure by third parties.

Key Features of the Policy:

  1. Information Sharing with Third Party Services: When users rely on third-party services or other Facebook Company Products that are integrated with our Services, those third-party services may receive information about what you or others share with them.
  2. Hardware Information: WhatsApp collects information from devices such as battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP) among others.
  3. Deleting the Account: If someone only deletes the WhatsApp app from their device without using the in-app delete my account feature, then that user’s information will remain stored with the platform.
  4. Data Storage: WhatsApp mentions that it uses Facebook’s global infrastructure and data centers including those in the United States to store user data. It also states that the data in some cases will be transferred to the United States or other parts where Facebook’s affiliate companies are based.
  5. Location: Even if a user does not use their location-relation features, Whatsapp collects IP addresses and other information like phone number area codes to estimate your general location (city, country).
  6. Payment Services: WhatsApp says that if anyone uses their payments services they will process additional information about you, including payment account and transaction information.

Other Issues and concerns:

  1. The new Whatsapp policy contradicts the recommendations of the Srikrishna Committee report, which forms the basis of the Data Protection Bill 2019.
  2. The principle of Data Localisation, which aims to put curbs on the transfer of personal data outside the country, may come in conflict with WhatsApp’s new privacy policy.
  3. With the updated privacy policy, WhatsApp can now share one’s metadata, essentially everything beyond the conversation’s actual text.
  4. If users disagree with the messaging platform’s updated privacy policy, they will have to quit WhatsApp when the new terms of service are set to come into effect.

Sources: Indian Express.