The Supreme Court on Tuesday (May 16) took the counsel for WhatsApp and Facebook to task for giving an undertaking before the European Union that user data on WhatsApp won’t be shared, but refraining from doing so in India. The respondents took the plea that a data protection agency existed in the EU, unlike India.
The top court was hearing arguments on the privacy policy of WhatsApp. The arguments had started on Monday (May 15) and the case is being heard by a five-judge bench of Justices Dipak Misra, AK Sikri, Amitava Roy, AM Khanwilkar and MM Shantanagoudar. On Monday (May 15), the counsels for WhatsApp and Facebook—KK Venuogopal, Kapil Sibal and Siddharth Luthra—had submitted their arguments.
On Tuesday (May 16), hearing continued before a five-judge bench of Justices Dipak Misra, AK Sikri, Amitava Roy, AM Khanwilkar and MM Shantanagoudar. Venugopal submitted that there was a difference between personal information and sensitive personal information. He argued that personal information was used to identify somebody but sensitive personal information disclosed facts such as sexual orientation, medical records, biometrics, etc. He submitted that WhatsApp didn’t store or handle sensitive personal information but dealt only with personal information. He also maintained that the policy of WhatsApp was in compliance with the rules framed under the IT Act as far as dealing with personal information was concerned.
Senior advocate KV Vishwanathan, appearing for Internet Freedom Foundation (IFF), an intervenor in the case, submitted that the rules referred to only deal with collected data and not the collated meta data. He said that the respondents (WhatsApp and Facebook) create meta data from personal information and this didn’t fall within the ambit of the rules framed under the IT Act.
The counsel for the petitioners submitted that a clarification with regard to these rules was already issued by the central government which clearly stated that the rules were applicable to corporate functioning in India. He argued that WhatsApp and Facebook India did not have any authority to deal with the data collected.
Venugopal submitted that the meta data was collated from personal data but WhatsApp didn’t collect or use sensitive personal information of the users.
The counsel for petitioners brought the court’s attention to the new privacy policy of WhatsApp and Facebook, which according to him said that user data could be used for marketing purposes.
He further pointed out that WhatsApp had access to not just the user’s WhatsApp address directory but the whole mobile device directory as well.
Questioning the policy per se, the counsel argued that it was vague and kept that way. She argued that in one place it said that texts were end-to-end encrypted but in other place it said that the user content was used to provide services.
She contended that WhatsApp had access to meta data and the information contained in them was much more critical that text messages. It was due to this reason that Facebook had acquired WhatsApp as it was a goldmine for the former, to be exploited for economic gains, she said.
Defending the vagueness in the policy matter, the counsel for the respondent said that it was because laws of different countries needed to be adhered to.
However, the petitioner interjected by saying that WhatsApp and Facebook had given an undertaking before EU that they won’t share user data. On that the bench asked the respondents if that was true and it was told that an undertaking had to be given as there was a data protection agency.
Justice Misra was not happy with the answer and retorted that the bench itself was the data protection agency in India. It wanted to pass an interim order, for the same undertaking in India.
Arguments will continue after the lunch break