This article has been authored by Savita Gabgwar, a third year student at Army Institute of Law, Mohali.
“Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite”
What is third party? It means a supplier or a service that is not directly controlled by the seller, the first party or the customer, the second party, while checking the business transaction. The third party is independent from all liabilities and is not bound to act on the schemes of any of the parties.
This policy very evidently violates the Right to Privacy of the citizens of India by putting such a condition of data sharing. The Supreme Court in Justice K.S. Puttaswamy v. Union of India clearly ruled that right to privacy is a fundamental right under Article 21: Right to Life and Personal Liberty.
Violation of Privacy is a violation of Fundamental Right
Article 21 of Indian Constitution is considered as the Heart of the Indian Constitution. It states that no person shall be deprived of their right to life and personal liberty except under procedure established by law. In the case of Justice K.S. Puttaswamy v. Union of India, it was agreed that violation of one’s privacy is violation of his Right to Life. Further, the cases like Govind v. State of M.P. and Peoples Union for Civil Liberties v. Union of India have also accepted right to privacy as a right to personal liberty.
The common man himself was not aware of the significance of his data. The lack of awareness was the reason which made it vulnerable to exploitation by the big corporations. But it was through the judgment in Puttaswamy Case, that the Supreme Court changed the outlook and thinking of the people. Now there is more awareness and people are more concerned about their personal data. After the right to privacy was recognized under Article 21, people were somehow compelled to ponder over the importance of their personal data which they earlier never thought even once before sharing.
WhatsApp has left its users with no choice at all and have decided to share user data with Facebook or other Facebook owned companies. The parent company is not liable to anybody, and no one knows the extent to which their data will be shared, let alone how it will be used. There are chances that the parent company uses the data to serve their vested interests.
WhatsApp notified that the updated version will not be applicable for European Region owing to a very strong data protection law, General Data Protection Regulation (“GDPR”). The GDPR is so strict that WhatsApp is legally bound to not share the users’ information to Facebook as it is in contravention with the law in GDPR. This clearly depicts that how Facebook and WhatsApp in a monopolistic manner are trying to enforce it in India as these companies see vulnerability in the absence of any comprehensive law in this subject. GDPR not only protects its citizens but gives them various exceptional rights like Right to be forgotten, etc. GDPR has been an inspiration to various other countries’ data protection legal systems. Like them India should also take a step forward for ensuring the security of its citizens.
Why Sharing Information with Facebook is a Serious Concern?
In the year 2019, Facebook was surrounded by scandals and data breaches, where data of 49 million Instagram users and 419 million Facebook users was exposed in databases online. Continuing the trend, in the end of 2019, again there was news of data breach, where 267 million Facebook users were left open on a database online, as released by Comparitech and Security Researcher Bob Diachenko. It was revealed that this data of users included user IDs, phone numbers and names of the users. Moreover this data could be accessed by anyone with no requirement of password. This could undoubtedly, lead to security breach and phishing attacks. Moreover this data was also posted on a hacker forum for anyone to download it.
Just before that, in March 2018, another scam was revealed. Facebook sold 50 million profiles of its users for political gains to Cambridge Analytica, a company owned by a hedge fund billionaire, Robert Mercer. This was the same company which allegedly helped Donald Trump’s Government in winning elections. Those profiles were used to build a powerful software program to predict and influence choices at the ballot boxes. The personal information was taken without authorization in early 2014, in order to target the users with personalized political advertisements.
These instances are enough evident to declare that WhatsApp’s new policy of sharing its users information with third party like Facebook is not only violation of Right to Privacy but the national security will be at stake. Delivering the data of citizens of one nation to the company of other sovereign should not be considered as an apt act.
Status of Data Protection Laws in India
India at present does not have any specific law regarding the protection of data of its citizens. However, India is set to adopt the updated version of the Personal Data Protection Bill (“Bill”) formed on the recommendation of Justice B.N. Srikrishna Committee. The new Bill seeks to secure the personal data of millions of Indians through mandating Data Localization and ensuring proper checks to Data Fiduciaries. The Bill divides data into 3 categories: Critical, Sensitive and Personal. The Bill further proposes for the establishment of Data Protection Authority under Sec. 41(1) of the Bill. Moreover, the Central Government has put forth the Information Technology (Guidelines For Intermediaries and Digital Media Ethics Code) Rules, 2021 to regulate the social media intermediaries, OTT platforms and online news current affairs websites.
The updated policy by WhatsApp is an absolute violation of the fundamental right of privacy of every user in India, making it unconstitutional in nature. Thus, Whatsapp should only use the information of its users for the purposes it has been allowed to and should not further share it with the third party like Facebook. The division bench in Dr. Sangamitra Acharya v. State (NCT of Delhi) held that Fundamental Rights are enforceable horizontally. The aggrieved person can invoke the respective constitutional provisions for the enforceability of his fundamental rights even if invaded by a non- state actor.
In the absence of any specific law with respect to Data Protection, WhatsApp is trying to go beyond the purview of data collection by sharing it with Facebook. This attitude of WhatsApp by giving the option of ‘take it or leave it’ is not justifiable and clearly violates the crucial rights of an individual. Moreover, one has the right to control one’s life; therefore, while submitting personal data, the user must be given information as to where and for what purpose his data is going to be used for.
In the Puttaswamy case, Justice S.K. Kaul stated, “If the individual permits someone to enter the house it does not mean that others can enter the house…privacy is one of the most important rights to be protected against state and non- state actors and be recognized as a fundamental right.”
Hence, a specific law with respect to data protection of citizen of India is the need of hour.