Centre asks WhatsApp CEO to withdraw proposed changes to privacy policy

New Delhi: Government of India, Ministry of Electronics and Information Technology (MEITY) has written to Will Cathcart, Global CEO of WhatsApp to withdraw the proposed changes to the Privacy Policy of the Facebook-owned messaging application for Indian users.

The CEO has been asked to furnish responses to the government’s query regarding the privacy, data transfer and sharing policies, sources said today.

The Ministry raised concerns of information security of the users as the new policy of WhatsApp proposes to share the metadata of users’ chat with Business accounts with other Facebook companies. It would create a honeypot of information about users with Facebook group which can create security risks and vulnerabilities for the users.

MEITY further objected to the “all-or-nothing” approach of WhatsApp that forces users to accept the new service terms and privacy policies, without giving an option to the users to opt-out of this proposed change of integrating user data with other Facebook companies.

Here the Government has reminded WhatsApp about the principles of privacy and consent laid down by Supreme Court in the Puttaswamy vs. Union of India (2017) judgment.

Ministry has further asked WhatsApp as to why they have brought about such significant changes when the Parliament of India is already considering the Personal Data Protection Bill.

This Bill, which is at an advance stage of consideration by the Joint Select Committee of both houses of the Parliament strongly follows the principle of “purpose limitation” with regard to the data processing. Purpose Limitation simply means that companies can use the data of users only for that specific purpose which it has taken the consent of the users. This wide integration of data of Indian users with other Facebook companies would make it difficult for WhatsApp to follow this principle, if this Bill becomes a law soon.

The Ministry has also objected to the differential privacy policies for European Union and India.

Given that India has the largest user base for WhatsApp in the world, this discriminatory treatment to Indian users shows lack of respect for interests of Indian citizens by WhatsApp. In this context, Government reminds WhatsApp that it has a sovereign right to protect the interests of Indian citizens and it shall not compromise on that at any cost.

Government has also sent a list of 14 questions to WhatsApp seeking response on various privacy and data security concerns.

The key questions are:

* Disclose the exact categories of data that WhatsApp application collects from Indian users.

* Give details of the permissions and user consent sought by WhatsApp app and utility of each of these with respect to the functioning and specific service provided.

* Does WhatsApp conduct profiling of Indian users on the basis of their usage of application? What nature of profiling is conducted?

* Details of difference between WhatsApp privacy policies in other countries and India.

* Details of Data Security Policy, Information Security Policy, Cyber Security Policy, Privacy Policy and Encryption Policy.

* Does the WhatsApp app share data with any other app or business unit of the same company or associated companies? Share details of the data flow among these apps, business units or associated companies.

* Does the WhatsApp app capture the information about the other apps running on the mobile device of the user? If yes, what information is being captured by the app and what purpose is it being collected and used?

* Details about the server when data of Indian users is transmitted or hosted. * Has the company or application provided any access to a third party to access a user’s personal data? If yes, then share those details