Furor over WhatsApp’s updated privacy policy terms underlines urgency for a regulatory framework to protect data.
Earlier this month, WhatsApp, the instant messaging platform, unveiled the updated terms of its privacy policy. Users were given until February 8 to agree to the new terms if they wanted to continue using the messaging app. But with protests ensuing, and many users raising concerns over data privacy, WhatsApp announced delaying the implementation of the changes to May 15. On Tuesday, the Ministry of Electronics and Information Technology wrote to the company asking for the withdrawal of its latest privacy and policy updates. In its letter the ministry noted that the new terms enabled WhatsApp and other Facebook companies “to make invasive and precise inferences about users”, adding that the collection and sharing of sensitive data with the Facebook ecosystem “has the potential to infringe on core values of data privacy, user choice and autonomy of Indian users”. Facebook itself is the subject of two lawsuits filed by the US government and governments of 48 US states which have put its acquisition of both WhatsApp and Instagram under the scanner. While WhatsApp has sought to allay the concerns surrounding the new policy terms, instances such as these, bring to the fore, the contentious issues surrounding data privacy, and underline the urgency of putting in place a regulatory framework to deal with such matters.
The updated policy delves into the sharing of data collected from WhatsApp users with the broader Facebook ecosystem. Reportedly, it seeks to differentiate between “messages with friends or family” and “messages with a business”. However, even though most of the data collected pertains to account information, some information which can potentially be shared, such as details of transactions and payments, can be sensitive. To be sure, users perturbed by the changes in the policy terms always have the option of opting out and migrating to other platforms. However, given the network effects — the instant messaging platform has more than 400 million users in India — such a substitution is unlikely to be smooth.
The absence of a personal data protection architecture, and a regulatory authority, leaves individuals vulnerable to exploitation. In India, if the data privacy law was in place, it is possible that while the messaging platform could have limited the services provided to users, it may not have been able to deny services based on an individual’s data preferences. In the European Union where the General Data Protection Regulation (GDPR) allows individuals greater say over their data, the new WhatsApp rules will not apply. Putting in place a regulatory apparatus will not only help monitor the flow of data, but also help address critical questions such as what kind of data is collected, is it sensitive, where it is stored, among others.
Earlier this month, WhatsApp, the instant messaging platform, unveiled the updated terms of its privacy policy. Users were given until February 8 to agree to the new terms if they wanted to continue using the messaging app. But with protests ensuing, and many users raising concerns over data privacy, WhatsApp announced delaying the implementation of the changes to May 15. On Tuesday, the Ministry of Electronics and Information Technology wrote to the company asking for the withdrawal of its latest privacy and policy updates. In its letter the ministry noted that the new terms enabled WhatsApp and other Facebook companies “to make invasive and precise inferences about users”, adding that the collection and sharing of sensitive data with the Facebook ecosystem “has the potential to infringe on core values of data privacy, user choice and autonomy of Indian users”. Facebook itself is the subject of two lawsuits filed by the US government and governments of 48 US states which have put its acquisition of both WhatsApp and Instagram under the scanner. While WhatsApp has sought to allay the concerns surrounding the new policy terms, instances such as these, bring to the fore, the contentious issues surrounding data privacy, and underline the urgency of putting in place a regulatory framework to deal with such matters.
The updated policy delves into the sharing of data collected from WhatsApp users with the broader Facebook ecosystem. Reportedly, it seeks to differentiate between “messages with friends or family” and “messages with a business”. However, even though most of the data collected pertains to account information, some information which can potentially be shared, such as details of transactions and payments, can be sensitive. To be sure, users perturbed by the changes in the policy terms always have the option of opting out and migrating to other platforms. However, given the network effects — the instant messaging platform has more than 400 million users in India — such a substitution is unlikely to be smooth.
The absence of a personal data protection architecture, and a regulatory authority, leaves individuals vulnerable to exploitation. In India, if the data privacy law was in place, it is possible that while the messaging platform could have limited the services provided to users, it may not have been able to deny services based on an individual’s data preferences. In the European Union where the General Data Protection Regulation (GDPR) allows individuals greater say over their data, the new WhatsApp rules will not apply. Putting in place a regulatory apparatus will not only help monitor the flow of data, but also help address critical questions such as what kind of data is collected, is it sensitive, where it is stored, among others.