PDP Bill, Will it Turn out to be a Watchman of users Viz-a-Viz WhatsApp Privacy Policy ?

By Vanshika Sharma

Whatsapp’s recently updated privacy policies have raised concerns all over the country. The announcement was made through an in-app notification on January 4, 2021. This led to huge number of users switching to other messaging platforms. They were asked to accept the new policies otherwise they will lose the access to the accounts. The recent advent of updated privacy policies of Whatsapp has highlighted the lacunas that our Indian data protection laws have.

Rising Privacy Concerns over Whatsapp

As per the recently updated privacy policy, WhatsApp leave the end-to-end encryption clause intact.  This implies that Whatsapp cannot have access to our text messages and cannot share with the third party. But this clause does not cover safeguarding the metadata (information about other data) which triggers everything in a conversation apart from the actual text. This information can be shared with Facebook and other apps including Instagram and Facebook Messenger.

As per the notifications released by Whatsapp in January, it would deprive users of their choice to share data or other information with other apps, including those owned by Facebook accompanied by a condition that if users do not accept the updated terms they will have to stop using Whatsapp from February 08, 2021. However, the new policies were going to be implemented on 15th May, 2021.

 India’s reaction on the new policy

The Ministry of Electronics and Information Technology has once again directed Facebook-owned WhatsApp to take back its new Privacy Policy. In a communication with WhatsApp on 18th May, 2021 the Ministry has once again asked WhatsApp to withdraw its Privacy Policy 2021 as the variations in the Privacy Policy and the manner of instituting these changes including in FAQ sabotages the sacrosanct values of informational privacy, data security, and user choice for Indian users and harms the rights and interests of Indian citizens.

According to numbers by research firm SensorTower, Telegram and Signal, which are seen as WhatsApp’s biggest rivals, witnessed nearly 1,200 percent growth ahead of the belatedly implemented privacy policy deadline on May 15. Numbers suggest that Telegram’s downloads on Android and iOS grew 98 percent year-over-year (YoY) to more than 161 million, while Signal saw its first-time downloads surge 1,192 percent YoY to 64.6 million between January to April 2021.[1]

A plea has been filed in the Delhi High Court challenging the updated privacy policies in which Whatsapp has said that the privacy policy is in line with the industrial standards and does not compromise the integrity of the personal communication of users. The petition is also supported by the Indian government.

Why this triggers a problem?

If we take a look over the whole scenario, then we realise that this issue could be avoided if India had rigorous laws for the data protection. The unavailability of the strict laws has led to the violation of right to privacy of the people.

An important point that one should look for is the commitment that was made by Whatsapp when it was launched in 2009 which read – – “to not sell user data or personal information to any third party”. The statement made by them was changed in 2014 when Facebook took control over Whatsapp and when it started sharing its data with the parent company Facebook in 2017. No doubt in 2017 the users were given a choice to stop sharing their data but this time Whatsapp has made a pre-requisite to agree on the updated privacy policies to continue the use of App.

The data now shared on this platform would be used for monetary gains. This also indicates that the aim for which WhatsApp would be using personal data and information is not even remotely connected to the purpose for which users had shared that information on the app.

Its lack of effectiveness to provide remedies or relief in such situations are in contrast with the legal frameworks that are in place in other jurisdictions, most particularly the European countries. These countries are furnished with the laws that can impose fines on Facebook for sharing and using information unnecessarily through WhatsApp. This clause took effect when the Competition Commission of certain European countries forced this condition on Facebook during its acquisition and purchase of WhatsApp.

A way forward

It has been proposed that until a rigorous and concrete law comes into force with respect to Data Protection complications, the Court should restrain itself from executing the new policy put forth by Whatsapp. Supreme Court has also directed Whatsapp and its parent company, Facebook, to submit their replies on the petitions and emerging issues on this mass privacy violation.

The PDP Bill needs to be modified in certain ways to ensure that in future these arbitrary clauses in such online policies do not deprive the users of the rightful protection they are entitled to under the Right to Privacy. One of the important inclusions that the PDP Bill must have is a clause or term in the law that prohibits the changing or modification of the terms of a contract after its enforcement. For instance, WhatsApp modified the terms of its contract that caused variations in a clause that was contrary to its initial commitments and objectives. Moreover, since the PDP Bill has not been passed yet; it becomes critical to look to other alternate legal provisions and statutes that may offer protection in such situations. For instance, the Information Technology Act of 2000, under Section 87 grants the government the authority to come up with regulations that can put a stop to arbitrary policies introduced by online platforms that pose a threat to privacy and data protection rights granted to individuals. A company should not be able to modify terms for their benefits and force users to abide by it because they consented to the initial terms. The terms of these contracts should be regulated and privacy laws must ensure that changes in these policies have undergone user consent.


Although the deadline for the controversial privacy policy has been scrapped by Whatsapp for now which was supposed to be implemented from 15th May, 2021. But the concerns raised for data privacy have definitely highlighted the urgent need to have a robust mechanism to deal with these data privacy issues. We hope that the government will make necessary changes in the Personal Data Protection Bill or come up with a new regime to address all these data privacy violations.

[1] https://www.news18.com/news/tech/will-whatsapp-take-back-its-new-privacy-policy-in-india-all-that-has-happened-so-far-3756371.html

Author is a 2nd year law student at Lloyd Law College. In a very short span she has gained rich experience working as a legal researcher with several firms and Independent organizations. She has keen interests in General Corporate and IPR, has always been enthusiastic to take up new projects. Currently working as a legal intern for the Summer Internship 2021. 

Leave a Reply


The Bar Council of India prohibits law firms from soliciting work or advertising in any manner. By clicking on ‘I AGREE’, the user acknowledges and confirms that:

  • The user want to have more information about MAESTRO LEGAL, its practice areas and its attorneys, for his/her own information and use;
  • The content available/provided is for the user’s information on his/her specific request and should not be construed as soliciting or advertisement.
  • Any information/material obtained or downloaded by user should not interpreted as legal advice and is completely at the user’s volition and any transmission, receipt or use of this site is not intended to, and will not, create any lawyer-client relationship;

Maestro Legal is not liable for any consequence of any action taken by the user relying on material/information provided under this website. In cases where the user has any legal issues, he/she in all cases must seek independent legal advice.