The union government has asked the CEO to furnish responses to the query regarding the privacy, data transfer and sharing policies, sources said today.
The ministry raised concerns of information security of the users as the new policy of WhatsApp proposes to share the metadata of users’ chat with business accounts with other Facebook companies. It would create a honeypot of information about users that will be accessible to Facebook groups. This may lead to security risks and make users vulnerable.
MEITY objected also to the “all-or-nothing” approach of WhatsApp that forces users to accept the new service terms and privacy policies, without giving an option to the users to opt-out of this proposed change of integrating user data with other Facebook companies.
Here the government has reminded WhatsApp about the principles of privacy and consent laid down by Supreme Court in the Puttaswamy vs Union of India (2017) judgment.
The ministry has further asked WhatsApp as to why they have brought about such significant changes when the Parliament of India is already considering the Personal Data Protection Bill.
This Bill, which is at an advanced stage of consideration by the Joint Select Committee of both houses of the Parliament strongly follows the principle of “purpose limitation” with regard to the data processing. Purpose Limitation simply means that companies can use the data of users only for that specific purpose which it has taken the consent of the users. This wide integration of data of Indian users with other Facebook companies would make it difficult for WhatsApp to follow this principle if this Bill becomes law soon.
The Ministry has objected to the differential privacy policies for European Union and India.
Given that India has the largest user base for WhatsApp in the world, this discriminatory treatment to Indian users shows lack of respect for interests of Indian citizens by WhatsApp. In this context, Government reminds WhatsApp that it has a sovereign right to protect the interests of Indian citizens and it shall not compromise on that at any cost.
Government has sent a list of 14 questions to WhatsApp seeking response on various privacy and data security concerns.
India demands of WhatsApp…
- Disclosure of the exact categories of data that WhatsApp application collects from Indian users.
- Furnishing of details of the permissions and user consent sought by WhatsApp app and utility of each of these with respect to the functioning and specific service provided.
- Tell whether WhatsApp conducts profiling of Indian users on the basis of their usage of application? What is the nature of this profiling exercise?
- Furnishing of details of the difference between WhatsApp privacy policies in other countries and India.
- India is asking WhatsApp whether it shares data with any other app or business unit of the same company or associated companies. WhatsApp must share details of the data flow among these apps, business units or associated companies.
- The government wants to know whether the WhatsApp app captures the information about the other apps running on the mobile device of the user. If yes, the government has asked what information the app is capturing and for what purpose the company is collecting such data and how it is using the information.
- The government of India has sought the details of the server when data of Indian users is transmitted or hosted.
- It has asked whether the company or application provides any access to a third party to access a user’s personal data. If yes, WhatsApp must share those details.