Follow Us:
Thursday, August 18, 2022

Simply put: How WhatsApp case underlines need for laws on data privacy

Delhi High Court order difficult to implement in absence of regulatory framework, say activists.

Written by Aneesha Mathur | Amitabh Sinha & Anubhuti Vishnoinew Delhi, New Delhi |
October 4, 2016 12:30:35 am
whatsapp, facebook, whatsapp information share, whatsapp information to facebook, india, whatsapp terms and privacy policy, whatsapp account, technology news, indian express Facebook bought WhatsApp for $ 19 billion in 2014.

On September 23, a Delhi High Court Bench led by Chief Justice G Rohini directed Internet-based messaging service WhatsApp to delete all information and data collected from users in India up to September 25.

The order protected both users who had opted to delete the WhatsApp application from their phones, as well as those who had chosen to continue using it after agreeing to WhatsApp’s new privacy policy under which it said it would share user data with web giant Facebook and its group companies. Facebook bought WhatsApp for $ 19 billion in 2014.

Watch What Else Is Making News

WhatsApp subsequently said it “plan(ned) to proceed with the privacy policy and terms update in accordance with the (High) Court’s order”, but did not confirm whether it had deleted, or begun deleting, the data.

Subscriber Only Stories
Delhi Confidential: Kerala football club stuck in Tashkent, S-G Tushar Me...Premium
India as a ‘developed’ country: where we are, and the challen...Premium
An Expert Explains: Why a stable Kenya is in the interest of Africa &...Premium
With fund & engineers, Taliban help rebuild gurdwara hit by Islamic S...Premium

No framework

While the judgment of a court is binding upon companies, in this case, both the implementation and monitoring of the order is difficult. This is essentially because India has no statutory or regulatory framework to control the working of WhatsApp and similar Internet-based messaging services. Internet Freedom Foundation, an NGO that includes lawyers, researchers and activists who had earlier worked on Net neutrality, Internet privacy and censorship, has issued a statement expressing concern at the “lack of an institutional mechanism to protect user privacy and provide a remedy to citizens”. In the current scenario, say members of the organisation, there exists no mechanism to enforce the court’s order.

The court’s judgment itself accepted that in the absence of regulations to protect the right to privacy or regulate terms of service of Internet messaging service providers, the change in WhatsApp’s policy could not be challenged in a writ petition. The court also observed that the company had clearly specified in its terms of usage that it could change the Terms and Conditions of the service.

The court did not ask for a compliance report from WhatsApp or Facebook. Instead, it asked the Department of Telecommunications and the Telecom Regulatory Authority of India (TRAI) to consider bringing Over The Top (OTT) services (where a third-party provider delivers one or more services predominantly over the Internet, and often independent of the service provider) under a statutory regulatory framework.

In March last year, TRAI had released a consultation paper that said WhatsApp and other OTT services were “unlicensed entities” using the telecom services network, and needed to be brought within the regulatory framework. The paper had also flagged issues regarding data storage, privacy and ownership of data. The consultation process on the possible steps to be taken is still under way.

Global concern


Days after the Delhi High Court issued the judicial directions against data-sharing by WhatsApp and Facebook, a federal regulator in Hamburg, Germany, directed WhatsApp to stop sharing information with Facebook, and to delete all data collected so far.

The Hamburg Commissioner for Data Protection and Freedom of Information, through an administrative order on September 27, prohibited Facebook from collecting and storing data of German WhatsApp users, and asked it to delete all data already forwarded to it by WhatsApp.

The Hamburg Commissioner has the jurisdiction to issue such an order — the European Court of Justice (ECJ) had in July held that national data protection laws would be applicable if a company processes data in connection with a national subsidiary.


WhatsApp has 35 million users in Germany, and Facebook’s German headquarters are located in Hamburg. Facebook would appeal against the commissioner’s orders, Reuters and CNBC reported.

Also on September 27, Italy’s data privacy watchdog said that it had opened a probe into WhatsApp’s new privacy policy, asked the company to explain what information it planned to share with Facebook, and what was being done to explain to users how their data might be used, Reuters reported.

The Federal Trade Commission of the USA is also looking into the issue, after complaints were filed by a number of organisations, including the public interest Electronic Privacy Information Center (EPIC) and the not-for-profit Center for Digital Democracy (CDD). The EPIC-CDD complaint said the changes to WhatsApp’s policy went against its promises to users that personal information would not be used for marketing purposes.

Earlier in August, the French data protection commission, Commission nationale de l’informatique et des libertés, or CNIL, had issued a statement saying the issue was of “the control of individual users over their own data when they are combined by major Internet players”.

CNIL is currently chair of the European Commission’s Article 29 Data Protection Working Party, made up of representatives of data protection authorities across Europe, the European data protection supervisor, and a representative of the European Commission. CNIL had said that each European authority would be following the changes made to WhatApp’s policy with “great vigilance”.


Also in August, the United Kingdom’s data privacy regulator, the Information Commissioner’s Office, had issued a statement saying it would look into the proposed changes in WhatsApp’s privacy policy to “protect consumers”.

And a report in Singapore-based The Straits Times had quoted Chinese daily Lianhe Zaobao as saying the country’s Personal Data Protection Commission (PDPC) had got in touch with Facebook and WhatsApp after receiving numerous queries from people concerned about their privacy.


Worries about private data being compromised, in fact, predate both the change in WhatsApp’s privacy policy, and its acquisition by Facebook. Back in 2013, WhatsApp had received a warning from Canadian and Dutch privacy watchdogs who found that users have to provide access to all phone numbers in their address books, including both users and non-users of the app, in contravention of privacy laws. The company had at the time assured the Canadian Commission that it would look into introducing measures such as manual addition of contacts and encryption of data.

📣 Join our Telegram channel (The Indian Express) for the latest news and updates

For all the latest Explained News, download Indian Express App.

  • Newsguard
  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
  • Newsguard
First published on: 04-10-2016 at 12:30:35 am
0 Comment(s) *
* The moderation of comments is automated and not cleared manually by

Featured Stories