"Highly Invasive": Internet Freedom Foundation Moves Supreme Court Against WhatsApp's Updated Privacy Policy

The Internet Freedom Foundation has moved the Supreme Court seeking an interim stay on Whatsapp's updated privacy policy and guidelines to safeguard the personal data and privacy of over 400 million Indian WhatsApp users.The intervention application is filed in special leave petition filed by Karmanya Singh Sareen and Shreya Sethi in 2017, challenging the 2016 privacy policy of the company. The matter is being heard by a Constitution Bench of the Supreme Court.In the instant application filed though Advocate TVS Raghavendra Sreyas, IFF has stated that the 2021 Policy of Whatsapp is highly invasive and has been unilaterally forced upon Indian internet users.It has therefore urged the Court to grant an ad-interim order, restraining the sharing of any personal data of users by Whatsapp with Facebook for marketing or other purposes.WhatsApp can't be treated like any other private messaging appAt the outset, the Applicant has stated that WhatsApp cannot be treated like any other private messaging service provider and allowed to engage in predatorial conduct because the Competition Commission of India has prima facie found that it holds a dominant position in the relevant market of Over the Top (OTT) messaging services for smartphones in India.The application states,"The indispensable nature of WhatsApp's services is also evident from the reliance placed upon it by government and public authorities," for instance service of summons through Whatsapp and sharing of links to virtual Courts via WhatsApp.Updated Policy Highly InvasiveThe Applicant has submitted that the 2021 Policy provides more details about the usage and log information, device and connection information, and location information collected by WhatsApp, and reveals the highly invasive and granular nature of metadata collected by WhatsApp.Further, it shares data with Facebook for the following purposes: (i) Personalizing features and content; (ii) Completing purchases and transactions; (iii) Providing integrations to connect a user's WhatsApp experiences with other Facebook Company Products.Furthermore, it is submitted that in a significant departure from the guaranteed end-to-end encryption that protected the content of a user's conversations, the 2021 Policy states that Facebook may have access to messages which users share with businesses on WhatsApp.Need to protect MetadataUnder the updated privacy policy, Whatsapp maintains that conversations on its platform are end-to-end encrypted and the company will only use metadata.The Petitioner has however contended that Metadata means data which provides information about other data, and in the context of private messaging platforms like WhatsApp, metadata can reveal just as much sensitive information about an individual's life as the actual content of a message.The Petitioner proceeds to illustrate how metadata can be manipulated:1) Merely knowing that an individual is part of a group titled 'LGBT Delhi' can allow WhatsApp and Facebook companies to draw inferences about a person's sexual orientation, even if the messages shared between members of the group remain end-to-end encrypted. 2) Even relatively innocuous seeming categories of metadata, such as the battery level of a user's device (added in the 2021 Policy), can be weaponized in the right context. For example, if ride hailing services such as Uber or Ola gained access to information about battery levels of their customers, they can theoretically charge higher rates to customers whose battery is running low and who are desperate to find a cab as soon as possible.In this backdrop, the Petitioner has relied upon the nine-Judge Bench decision in KS Puttaswamy v. Union of India & Ors., (2017) 10 SCC 1, where the Court recognized the dangers of aggregation, when small bits of information about an individual are pieced together to reveal a fuller picture of their personality.Reference is also made to the 'International Principles on the Application of Human Rights to Communication Surveillance,' which are a statement of international best practices that were launched at the sidelines of the UN Human Rights Council in Geneva in September 2013. As per this document, metadata may reveal even more about an individual than the content of communications itself, and thus, deserves equivalent protection.In light of this, the Petitioner has submitted that WhatsApp's data collection and sharing practices, enshrined in its privacy policies, are violative of an individual's fundamental right to privacy and are unconstitutional."Data Collection Should Be Constitutionally Valid" - Justice Srikrishna Speaks On WhatsApp's New Policy, Aarogya Setu Etc. With Seema ChishtiViolation of the Privacy Principles and the Proposed LawThe Petitioner has submitted that the 2021 Privacy Policy is violative of the privacy principles that have been recognised by the Group of Experts constituted by the Planning Commission of India under the Chairmanship of Justice (Retd.) A.P. Shah...

"Highly Invasive": Internet Freedom Foundation Moves Supreme Court Against WhatsApp's Updated Privacy Policy

Akshita Saxena

Tags