In the lawsuit ‘Dr Seema Singh v. Union Of India’, the court had last month sought responses from the central government and had listed March 19, 2021, as the next date of hearing.
In its counter-affidavit, the government has contended that pending the passing of the Personal Data Protection Bill, 2019, the Information Technology Act, 2000 and the rules made under it, constitute the data protection regime in the country, which WhatsApp would be violating with its new policy.
The policy reads that content shared with business accounts would be visible to “several people in the business”. Notably, WhatsApp has 50 Mn Business accounts, of which 15 Mn are in India.
The policy says that some “businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers”. The company will, or has been, sharing the following types of user data with Facebook’s group companies: account registration information (phone number), transaction data (WhatsApp now has payments in India), service-related information, information on how you interact with others (including businesses), mobile device information, and IP address.
Other violations flagged by the government state that WhatsApp, “fails to provide its users with an option to review or amend the information” and “fails to provide an option to withdraw consent retrospectively”.
It is worth mentioning that WhatsApp’s data sharing with Facebook is already taking place. While users in the European Union can opt out of data-sharing with Facebook, the rest of the world does not have the same choice.