WhatsApp's new privacy policy

In news

Recently, the Ministry of Electronics and Information Technology asked the High Court of Delhi to step in and restrain WhatsApp from rolling out its new privacy policy.

Ministry’s push of Court’s intervention

Referring to previous judgments of the Supreme Court, the Union Ministry has said that since the highest court of the land had placed a responsibility upon it to come out with a “regime on data protection and privacy”, which would “limit the ability of entities” such as WhatsApp to issue “privacy policies which do not align with appropriate standards of security and data protection”, WhatsApp must be stopped from rolling out the services.
It also listed five major violations of the current IT rules that the new privacy policy of WhatsApp, if rolled out, could entail.
The Ministry also latest privacy and policy update enabled WhatsApp & Facebook to make invasive and precise inferences about users.

List of violations mentioned by the Union IT Ministry

Sensitive data: In its affidavit, the Ministry said that WhatsApp failed to specify the type of sensitive data being collected by it, which is a violation of Rule 4 (1) (ii) of the IT Rules of 2011.

Rule 4 (1) (ii) says that any corporate or person who collects, receives, stores, deals or handles information “shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information” and also specify the types of sensitive data being collected.

- Violation with respect to collection of information: the IT Ministry also said that Rule 5 (3) of the IT Rules says that any person or corporate collecting information shall notify the user if it is collecting any sensitive information, the purpose for which it is being collected, and the intended recipients of the said information.
- WhatsApp, in the new privacy policy, has also failed to provide the user an option to review or amend the users’ information being collected by it.
- It violated Rule 5 (6) of the IT Rules: The Ministry also added that the privacy policy is completely silent on correction/amendment of information. It appears to provide an option to ‘further manage, change, limit, or delete your information’ of the policy, but upon close perusal, it is apparent that this ability is limited to a user’s profile name, picture, mobile number, and the ‘about’ information

Option to withdraw consent: The new WhatsApp privacy policy, also fails to provide users an option to withdraw consent on data sharing retrospectively, and fails to guarantee non-disclosure by third parties, which violate Rule 5 (7) and Rule 6 (4) of the IT Rules of 2011

New Privacy Policy of WhatsApp

While users were able to opt out until now, New Privacy Policy of WhatsApp, they will have only one solution, if they don’t want their data to be owned by the parent company – uninstall the app and stop using the service.
Some of the info WhatsApp is collecting and will be sharing includes location data, IP addresses, phone model, OS, battery level, signal strength, browser, mobile network, ISP, language, time zone, and even IMEI.
There’s also the information about how you are messaging, calling, what groups you are attending, the Status, the profile photo, last time you were online, etc.
WhatsApp even added a separate section called “Transactions and Payments data” specifying the platform will process additional information even for payments, made through the app.

Will WhatsApp share your messages with Facebook?

No.
The privacy policy does not change the way WhatsApp treats personal chats. WhatsApp remains end-to-end encrypted — no third party can read them.

What data will WhatsApp share with Facebook?

WhatsApp shares the following information with Facebook and its other companies: account registration information (phone number), transaction data (WhatsApp now has payments in India), service-related information, information on how you interact with others (including businesses), mobile device information, and IP address. It is also collecting more information at a device hardware level now.

Why does this data exchange with Facebook matter?

The policy gives reasons for the data-sharing with Facebook: from ensuring better security and fighting spam to improving user experience, which were there in the previous policy as well.
But the new policy is a further sign of WhatsApp’s deeper integration into the Facebook group of companies.
CEO Mark Zuckerberg in 2019 talked about his cross-platform vision across Facebook Messenger, Instagram and WhatsApp — he called it “interoperability”. Instagram’s Direct Messages and Facebook Messenger have already been integrated. Facebook wants to bring more services to WhatsApp, and has added a feature called Rooms.

WhatsApp and EU

Data exchange with Facebook is in fact, already taking place.
While users in the European Union can opt out of data-sharing with Facebook, the rest of the world does not have the same choice.
European Union received only one bullet point in their notification.
Because of Privacy legislation better known as GDPR, the WhatsApp users in 27 European countries will not have their data shared with third parties.

General Data Protection Regulation

The GDPR redefines the understanding of the individual’s relationship with their personal data.
It relates to an identifiable living individual and includes names, email IDs, ID card numbers, physical and IP addresses.
This law grants the citizen substantial rights in his/her interaction with
Data controllers – Those who determine why and how data is collected such as a government or private news website.

Data processors – Those who process the data on behalf of controllers, such as an Indian IT firm to which an E.U. the firm has outsourced its data analytics.

Extra reading: https://journalsofindia.com/information-technology-intermediaries-guidelines-rules-2011/

Source: Indian Express