When Facebook was considering acquiring WhatsApp, privacy activists read the writing on the wall and warned about potential data sharing between WhatsApp and Facebook. To allay these concerns, executives from WhatsApp publicly committed to never share data with Facebook. Based on these assurances, regulators such as the European Commission and the Federal Trade Commission greenlit the acquisition of WhatsApp by Facebook.
Volte Face in 2016
The regulators who had approved Facebook’s acquisition of WhatsApp based on its commitments about preserving user privacy did not take to this volte face kindly. In 2017, the European Commission fined Facebook 110 million Euros for providing misleading information during the WhatsApp acquisition about its technical inability to link the identities of users across WhatsApp and Facebook. Prior to this in 2016 itself, data protection authorities in Germany and the United Kingdom also directed Facebook to stop collecting data of WhatsApp users.
Legal Proceedings in India
During the course of hearings before the Supreme Court in Karmanya Singh Sareen & Anr. v. Union of India & Ors. [S.L.P. (C) No. 804 of 2017], IFF has advanced arguments about the need to preserve privacy of meta data even if the actual content of messages is encrypted. Meta data means data which describes or gives information about other data, and it includes information like which users do you chat with, how frequently do you chat with a user, which groups you are a member of etc. In many cases, meta data by itself can reveal very sensitive information about a person’s life. For instance, consider conversations with sexual and reproductive health services which now provide abortion related counselling via WhatsApp.
The case is still pending before the Supreme Court and it was last listed in March 2020 but it did not come up for hearing. You can read more about the history of the case here.
- The new policy provides more details about the usage and log information and device and connection information collected by WhatsApp which demonstrate the highly invasive and granular nature of meta data collection by WhatsApp. For instance, the updated policy clarifies that WhatsApp is also collecting information like battery levels and signal strength.
- The new policy reveals that even if a user does not use their location-relation features, WhatsApp collects their IP addresses and other information like phone number area codes to estimate general location (city, country).
- The new policy states that for users of their payment service, WhatsApp will start processing payment account and transaction information which includes information about payment method, shipping details and transaction amount.
What's the worst part? There is no option to users, except to click on, “I Agree.” If you don't want to give in, we suggest you consider switching to a more secure platform like Signal and also join us in pushing for enactment of a strong data protection legislation in India.
- Previous post regarding Karmanya Singh Sareen v. Union of India (link)