WhatsApp Ruling: Experts Seek Privacy Law

WhatsApp Ruling: Experts Seek Privacy Law is a Business Standard article published on 24 September 2016 by Apurva Venkat and Moulishree Srivastava. The report examines a Delhi High Court ruling that restricted WhatsApp from sharing user data with Facebook, highlighting expert commentary on the need for comprehensive privacy legislation in India. The article features perspectives from Sunil Abraham, then Executive Director of the Centre for Internet and Society, alongside Nikhil Pahwa and legal experts discussing consent mechanisms, enforcement challenges, and the broader context of data protection.

Article Details
Full Text
Context and Background
External Link

Article Details

📰 Published in:: Business Standard
📅 Date:: 24 September 2016
👤 Authors:: Apurva Venkat, Moulishree Srivastava
📄 Type:: News Report
📰 Article Link:: Read Online

Full Text

The recent Delhi High Court ruling that messaging app WhatsApp cannot share user data highlights the need for legislation on privacy, according to experts.

On August 25, WhatsApp, a platform with 70 million users in India that was acquired by Facebook in 2014, updated its policy to share user content with the social network. The decision opened new monetisation models for the messaging app.

In response to a PIL, the court ordered WhatsApp to delete data of users who chose to opt out of its policy changes before September 25. It also ordered WhatsApp not to share data collected before September 25 with Facebook for users who had not opted out.

"The decision makes a strong statement on privacy," said Sunil Abraham, executive director of the Centre for Internet and Society. According to him, a user trusts a platform and provides access to his data. As another firm acquires the platform, it gains access to the data.

"Facebook owns WhatsApp. It has to look at ways of monetising it," said Nikhil Pahwa, co-founder of SavetheInternet.in.

"With so much digital data being generated, there is a need for a privacy law in the country," said Pahwa.

"Facebook's consent interface is confusing. It can make a person who wants to opt out let the company access his data," said Abraham, adding a law would take care of such intricacies. The government is working on a privacy bill.

Saroj Kumar Jha, partner, SRGR Law Offices, said there were few judgments on privacy in India based on constitutional rights.

"While the Information Technology Act enables courts to pass judgments on global companies on privacy, enforcing the orders is difficult," he said.

"What is required is a privacy law that can protect user data and uphold the individual's right to privacy," he added.

Context and Background

This article appeared during a critical juncture for privacy rights in India, predating the Supreme Court’s landmark privacy judgement in Justice K.S. Puttaswamy (Retd.) v. Union of India by nearly a year. In August 2016, WhatsApp—which Facebook had acquired for $19 billion in 2014—announced a policy change enabling data sharing with its parent company for targeted advertising and improved user experiences. The decision sparked immediate controversy amongst privacy advocates and users who had originally chosen WhatsApp precisely because of its standalone status and end-to-end encryption promises.

The Delhi High Court’s intervention through a public interest litigation represented one of the early judicial responses to platform consolidation and data aggregation practices in India. By ordering WhatsApp to delete data of users who opted out and prohibiting sharing of pre-existing data for non-consenting users, the court signalled judicial willingness to intervene in corporate data practices despite the absence of comprehensive privacy legislation. This interim relief mechanism provided immediate protection whilst broader legislative frameworks remained under development.

Abraham’s commentary on confusing consent interfaces captured widespread concerns about dark patterns and manipulative design choices that platforms employed to secure user agreement. WhatsApp’s opt-out mechanism required users to navigate through multiple screens and understand technical implications, creating friction that deterred many from exercising choice. The critique anticipated regulatory attention to consent quality and interface design that would later feature in the European Union’s General Data Protection Regulation and inform India’s own data protection deliberations.

Jha’s observation about enforcement challenges highlighted persistent jurisdictional and operational difficulties in compelling global technology companies to comply with Indian court orders. WhatsApp’s servers and corporate entities existed outside Indian territorial jurisdiction, creating practical obstacles to data deletion verification and ongoing compliance monitoring. This enforcement gap underscored calls for legislative frameworks that could establish clearer obligations, enforcement mechanisms, and penalties for non-compliance.

The article’s publication in September 2016 occurred as the Justice B.N. Srikrishna Committee—tasked with drafting India’s data protection framework—had not yet been constituted. References to the government working on a privacy bill reflected earlier efforts, including a 2014 expert committee report on privacy that had not translated into legislative action. The WhatsApp controversy added urgency to these deliberations, demonstrating how platform practices were rapidly outpacing regulatory capacity.