wordpress blog stats
Connect with us

Hi, what are you looking for?

WhatsApp will not limit features on users yet to agree to new terms

In a reversal to an earlier statement, WhatsApp says that it will not limit features to users who are yet to “agree” or provide consent to their new privacy policy, and will await the proposed Personal Data Protection (Bill) which is being deliberated by a parliamentary committee. The platform will instead “remind users from time to time about the update as well as when people choose to use relevant optional features, like communicating with a business that is receiving support from Facebook,” it said.

Earlier this year, WhatsApp said that users would have to review its updated terms by February 8 and provide their consent to the updated privacy policy, which aims at integrating Facebook and Instagram (along with other Facebook, Inc. apps) more closely with the messaging service. However, the platform was forced to delay it following a global backlash over the company’s data-sharing practices.

WhatsApp thereafter shifted the deadline to May 15 and said that while it would not delete accounts of those who do not accept the policy, it will limit their features. In the following days the Government instructed the platform to with the updated privacy policy, or else it could face legal action if it did not comply with the new Information Technology Rules, 2021, according to a Reuters report.

A spokesperson for Whatsapp said that they have responded to the Government of India’s letter and assured them that the privacy of users remains our highest priority.””As a reminder, the recent update does not change the privacy of people’s personal messages. Its purpose is to provide additional information about how people can interact with businesses if they choose to do so,” they said.

 “We hope this approach reinforces the choice that all users have whether or not they want to interact with a business. We will maintain this approach until at least the forthcoming PDP law comes into effect,” the spokesperson said.

WhatsApp reported 2 billion monthly active users globally in February 2020 (before the pandemic), with 400 million reportedly being in India. It has launched its UPI-payments service in India. As of July, WhatsApp Business accounts had 50 million MAUs, with 15 million of those in India, per TechCrunch. As WhatsApp head Will Cathcart said, 175 million people globally message a business account each day.

Advertisement. Scroll to continue reading.

WhatsApp’s new terms for users

Back in January, the global messaging platform rolled out a new privacy policy through which Facbook’s three empires could sync user data across each other. The new policies are largely expanded and better-explained versions of their existing conditions, with some new additions. The updated policies (terms of service and privacy) contain language on how user data is processed by the company. It also has new sections on how businesses can use WhatsApp to communicate with each other, likely in line with Facebook’s push to generate more revenue from the messaging app. Additionally, the policies deal with connections within the Facebook’s “family of apps and products”.

The new privacy policy says that it can share with Facebook any of the data is collects under its expansive “Information we collect” section. This includes user-supplied information such as profile picture, content in “about” section, individual users’ address books, status updates, transaction and payment data. It also includes information collected by WhatsApp, such as device-level data such as IP address, ISP and identifiers (including those unique to Facebook products on the same account). In theory, with all this data, Facebook would be able to triangulate users who are on Facebook, WhatsApp and/or Instagram.

In a later clarification, however, WhatsApp said that its service is end-to-end encrypted and neither it or Facebook can see messages. It further emphasised that it does not share contacts with Facebook, that location shared on chat and group chats remains private, that users can set messages to disappear, and can download their data.

Further, per the updated terms, messages to business accounts on WhatsApp can be shared with third-party service providers, which may include Facebook itself. For example, Facebook (as the third-party service provider) could store, read and “manage” messages sent to businesses by users. This only becomes clearer in the WhatsApp’s clarification posted on Tuesday:

Essentially, there is freer flow of data between WhatsApp, Facebook, and Instagram. While nobody can peek into your texts, thanks to end-to-end encryption, data points about users, and how they use WhatsApp’s business services, and their broader interaction with the Facebook group of products (Messenger, Facebook, Instagram, WhatsApp, Onavo) can be combined. The theoretical use cases of this could be multiple: see ads for a product being sold on WhatsApp Business on Facebook, buy the product via WhatsApp Business, and that interaction is used to show you more ads and relevant content.

Ever since issuing the new privacy policy, the Indian government has pushed back asking WhatsApp to redraft. First, in January the IT Ministry wrote a letter to WhatsApp’s CEO Will Cathart asking them to withdraw proposed changes to its terms and conditions. MediaNama obtained a copy of the letter under the Right-To-Information Act, which said “proposed changes raise grave concerns regarding the implications for the choice and autonomy of Indian citizens. Therefore, you are called upon to withdraw the proposed changes.” The government asked WhatsApp to provide responses to 14 pointed questions about its operations in India, the different business verticals it operates in, and related to its data collection and sharing efforts within India and abroad.

Advertisement. Scroll to continue reading.

Competition Commission Probe

In March, the Competition Commission of India (CCI) ordered an investigation to ascertain the “full extent, scope, and impact” of data sharing under WhatsApp’s new privacy policy and terms of use. In its order, the CCI said that since the new terms are being implemented with “involuntary consent of users”, WhatsApp has prima facie violated provisions under the Competition Act through its “exploitative and exclusionary conduct” under the garb of a policy update, it said.

According to the CCI, the purpose of data sharing “seems to be beyond users’ reasonable and legitimate expectations regarding quality, security and other relevant aspects” for which users come on WhatsApp. Both Facebook and WhatsApp challenged this order before the Delhi High Court, seeking quashing of the CCI probe. While its legal representatives argued that the CCI was examining privacy related issues without jurisdiction as the right to privacy is a constitutional matter, whereas the CCI said their probe concerns the creation of a monopolistic market due to sharing of excessive data.

On April 22, the Delhi High Court dismissed the petitions filed by WhatsApp and Facebook.

Impact of IT Rules 2021

Traceability and Encryption:Under the rules, social-media intermediaries like WhatsApp that have a large user base will have to enable identification of the “first originator of the information” as required by a judicial order passed by “a court of competent jurisdiction” or an order passed under Section 69A of the IT Act. This essentially challenges the ability of platforms and intermediaries from providing their users with end-to-end encyrption. However, WhatsApp’s CEO Will Cathart said that they will try to enable tracebability through solutions “that don’t touch encryption”.

Grievance Redressal Mechanism: Significant social media intermediaries will have to appoint a Chief Compliance Officer and Resident grievance officer in India and of Indian origin who will hold key positions for complying the IT Rules 2021. It will also need to appoint a nodal person of contact for 24X7 coordination with law enforcement agencies. Through the grievance redressal mechanism, WhatsApp will need to respond to user complaints within a specific timeline and if, the matter is escalated to the goverment or a self-regulatory body it would need to take-down, disable and trace messages in some cases.

When content has been taken down or disabled, significant social media intermediaries need to provide a notice explaining the action to the user who “created, uploaded, shared, disseminated or modified”, the rules said. Additionally, intermediaries have to provide information for verification of identify, or assist any government agency for crime prevention and investigations no later than 72 hours of receiving a lawful order.

Advertisement. Scroll to continue reading.

Voluntary takedowns: All intermediaries will have to take down content that violates any law; defamatory, obscene, pornographic, paedophilic, invasive of privacy, insulting or harassing on gender; content related to money laundering or gambling; or “otherwise inconsistent with or contrary to the laws of India”.

Disabling content within 24 hours of user complaint: All intermediaries will have to take down content that exposes a person’s private parties (partial and full nudity); shows any sexual act; is impersonation; is morphed images within 24 hours of individuals (users or victims) reporting it.

Transparency reports: Significant social media intermediaries are required to publish periodic compliance reports every month, with details of complaints received and action taken and “other relevant information”. These reports will also content the number of links or information that it has removed using proactive monitoring by automated tools

Also read

Update, May 29: In the fifth paragraph of the story, a sentence began “As as WhatsApp head…” The error has been rectified.

Advertisement. Scroll to continue reading.
Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ