Looking at the faultlines:
What is End-to-end Encryption:
According to WhatsApp end-to-end encryption “ensures only you and the person you’re communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp.”
The case of Facebook Inc v. Union of India lies in the Supreme Court for determination of the extent to which these entities are actually in control of this data and hence if the same can be extracted by the government under section 69 of the Information Technology Act,2000.
This stance of not storing data provides WhatsApp with the status of Intermediary and hence spares them with the sanctions and the liabilities which otherwise they would have been subjected to.
What is an Intermediary?
Defined under section 2(w) of IT Act, 2000, the meaning of intermediaries is that they do not own content and are mere platforms where third-party entities place their content. This particular status prevents them from liability in case anything unlawful activity is noticed on an intermediaries’ platforms. In such instances, the government directs the intermediary concerned to remove the unlawful content within a specified period of time. Only if the intermediary concerned fails to do the same expeditiously or it is found that it has conspired, abetted or aided in the generation of such content, can the government take action against the intermediary itself.
As for the latest regulations passed by MEITY (Ministry of Electronics and Information Technology) on 25th February,2021 the principal of “Due Diligence” is to be observed by the intermediaries. The failure to do the same would disable them to claim section 79(1) (which allows them immunity) of the IT Act,2000 and hence cause them to be subjected penal provisions under both, the IT Act and IPC.
What Change is observed:
There have been no changes in terms of personal messaging and the status quo is maintained when it comes to data sharing, only the recipient and the sender is aware of the contents of the messages and no other.
In order to retain one’s WhatsApp account information it has been made mandatory to accept these news terms and conditions and for the same suo motu cognisance has been taken by Competition Commission of India
Action taken against the policy:
The policy changes that came into effect on 08th February,2021. This caused users to either accept the terms and conditions or allows them to opt out. As per the previous privacy policies that came out on 25.08.2016 and 19.12.2019, existing users had an option to choose whether they wanted to share WhatsApp data with Facebook unlike the current scenario.
The CCI, pursuant to the suo motu cognisance, has directed the Director General (‘DG’) to cause an investigation to be made into the matter. The Commission also directed the DG to complete the investigation and submit the investigation report within a period of 60 days from the receipt of this order.
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 under the Information Technology Act,2000 has also been rolled out on 25th February,2021. This sets to redistribute the social media intermediary though there is still no clarity over its application
WhatsApp’s relevance during COVID-19:
WhatsApp and similar instant messaging services have proved to be of much help during the course of pandemic especially during the period of lockdown.
India is on its way to digitization but is still not quiet there so most of the work in government offices, especially summons and notices, happen physically. This was made impossible due to lockdown.
Keeping this in mind the honourable Supreme Court in July,2020 agreed in principle that serving notices and summons integral to the judicial process and serving them through WhatsApp,Telegram and Emails would be legally valid.
View relating to changes in policies:
These privacy policies in general are like differential policy for users in India and the European Union with respect to acceptance of the updated policy. If you read the updated Privacy policies introduced by WhatsApp, it is not applicable in the European Region, owing to the data protection law (GDPR) in place there.
It is to be noted that we have the Personal Data Protection Bill of 2019, which is pending before the Parliament and it is believed that this bill addresses these concerns arising out of this policy.
About the Author – Aditya Pratap
Aditya Pratap is a lawyer practising in Mumbai. He argues cases in the Bombay High Court, Sessions and Magistrate Courts, along with appearances before RERA, NCLT and the Family Court. For further information one may visit his website adityapratap.in or view his YouTube Channel to see his interviews. Questions can be emailed to him at firstname.lastname@example.org.
This Article is made by Aditya Pratap in assistance with Aditi Dixit.
Cases argued by Aditya Pratap can be viewed here.