WhatsApp’s New Privacy Policy - Violations

Why in news?

The Ministry of Electronics and Information Technology has asked the Delhi High Court to step in and restrain WhatsApp from rolling out its new privacy policy.

What is the policy about?

• The controversy relates to WhatsApp’s decision in January 2021 to enforce a new privacy policy.
• The policy will allow it to share some data about users’ interactions with business accounts with its parent company Facebook.
• The users will not have an option but to consent to the sharing if they want to keep using the application.
• The privacy policy also does not provide the opportunity to review or amend the full information submitted by a user.

What is the reason for IT Ministry’s demand?

• The IT Ministry cited several Supreme Court judgments.
• The Supreme Court has placed a responsibility upon the Ministry to come out with a “regime on data protection and privacy.”
• In effect, this would “limit the ability of entities” such as WhatsApp to issue “privacy policies which do not align with appropriate standards of security and data protection.”
• Given this, WhatsApp must be stopped from rolling out the services.
• Thus, in a counter-affidavit, the IT Ministry has listed five major violations of the current IT rules that the policy of WhatsApp, if rolled out, could entail.

What are the violations listed by the IT Ministry?

• WhatsApp failed to specify the type of sensitive data being collected by it.
• This is a violation of Rule 4 (1) (ii) of the IT Rules of 2011.
  • It mandates a company to provide a privacy policy for handling of or dealing with personal information including sensitive personal data or information.
  • It also mandates specifying the types of sensitive data being collected.
• The second violation is with respect to collection of information.
• Rule 5 (3) of the IT Rules says that any person or corporate collecting information shall notify the user if it is collecting any sensitive information.
• It should also inform the purpose for which it is being collected, and the intended recipients of the said information.
• Besides these, the policy has also failed to provide the user an option to review or amend the users’ information being collected by it.
• The changes allowed to be made are limited to the name, picture, mobile number, and “about” information.
• For the policy to be compliant with the recent IT Rules 2021, it must allow the users to exercise this option for all kinds of data collected by WhatsApp.
• The policy also fails to provide users an option to withdraw consent on data sharing retrospectively, and fails to guarantee non-disclosure by third parties.
• These again violate Rule 5 (7) and Rule 6 (4) of the IT Rules of 2011.

Source: The Indian Express, Hindustan Times