Background and Issue

On the 25th of August, 2016 the messaging service WhatsApp Inc. changed its privacy policy to reflect its relationship with its parent company, Facebook, by stating that they will begin to share user data with them. The privacy policy was challenged in the Delhi High Court, where partial relief was granted in their final judgement dated 23rd September, 2016. The High Court kept in view that the existence of a right to privacy was being decided upon in the Supreme Court (in the  then ongoing case of K. Puttaswamy v. Union of India), and ordered the protection of WhatsApp Users data only up to 25th September, 2016. 

 

The petitioners challenged this judgement on the grounds that it created an ‘artificial’ distinction between the rights of those users who delete the app before the 25th of September and those who continue to use it after the 25th of September. The petitioners alleged that this continues to compromise the data and rights of millions of users. 

 

What do the petitioners seek? 

The petitioners has made one main prayer and has also sought interim relief -

  1. Main prayer – The granting of leave to appeal the Delhi High Court Judgement from 23rd September 2016;

  2. Interim relief – An ex-parte stay of the Delhi High Court Judgement dated 23rd September 2016;

 

Grounds

 

Delhi High Court Judgement

The petitioners argues that the Delhi High Court created an artificial distinction between existing and future users (based on the 25th September, 2016 cut-off date) as both classes of users are entitled to privacy protections. Only users who deleted the app prior to the cut-off date were alleged to be protected by the High Courts directions. The High Court further failed to recognize that in the absence of their directions and any regulatory framework, user data is highly vulnerable. The petitioners suggest that the High Court should have protected the privacy rights of citizens until such a regulatory framework was enacted. In the absence of regulatory mechanism, the High Court stated that they lacked jurisdiction under Article 226 of the Indian Constitution. The petitioners argued that it was the ‘settled position of law’ that if there is a lack of statutory/regulatory framework, courts may issue directions to protect the rights of citizens until such framework is enacted. 


 

WhatsApp Privacy Policy

The petitioners also relied heavily upon the manner in which WhatsApp enacted its new privacy policy. They allege that the policy was enacted unilaterally and the manner in which consent was obtained for the policy (by providing the button in the opening screen itself) meant that the intention was for the user to not read the entire policy. This results in consent being obtained in a deceptive manner, especially for those who can’t read or understand the policy. The petitioners further argue that the High Court should have ordered the inclusion of an “Opt Out” or “Don’t Share” option for all users to allow them to protect their data from third parties. Consent to access and use user data should only be sought from those who specifically communicate their acceptance to WhatsApp, only upon a clear understanding of the new policy.

 

The policy, according to the petitioners, also seeks to obtain a licence to all the works created by users and transmitted on the app which is not in accordance with the law for minors (below 18 years) who are incapable of granting such licenses. 

 

This policy also violates Section 72 of the Information Technology Act which prescribes the penalty for breaches in confidentiality and privacy, the petitioners argue. WhatsApp also allegedly fails to comply with the terms for ‘consent’ and ‘disclosure’ from the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (hereinafter the ‘2011 Rules’). The 2011 Rules impose an obligation to make full and true disclosures of the consequences of privacy policies. This results in WhatsApp violating the right to privacy, sharing an individual’s private information and resulting in a violation of Article 21 of the Indian Constitution. 

 

Interim Relief

The petitioners finally made a plea for interim relief for preventing the application of the modified privacy policy, due to the potential compromise of confidential information for millions of citizens.