The CEO has been asked to furnish responses to the government’s query regarding the privacy, data transfer, and sharing policies, sources said today.
The Ministry raised concerns about the information security of the users as the new policy of WhatsApp proposes to share the metadata of users’ chat with Business accounts with other Facebook companies. It would create a honeypot of information about users with a Facebook group which can create security risks and vulnerabilities for the users.
MEITY further objected to the “all-or-nothing” approach of WhatsApp that forces users to accept the new service terms and privacy policies, without giving an option to the users to opt-out of this proposed change of integrating user data with other Facebook companies.
Here the Government has reminded WhatsApp about the principles of privacy and consent laid down by the Supreme Court in the Puttaswamy vs. Union of India (2017) judgment.
Ministry has further asked WhatsApp as to why they have brought about such significant changes when the Parliament of India is already considering the Personal Data Protection Bill.
This Bill, which is at an advanced stage of consideration by the Joint Select Committee of both houses of the Parliament strongly follows the principle of “purpose limitation” with regard to data processing. Purpose Limitation simply means that companies can use the data of users only for that specific purpose which it has taken the consent of the users. This wide integration of data of Indian users with other Facebook companies would make it difficult for WhatsApp to follow this principle if this Bill becomes law soon.
The Ministry has also objected to the differential privacy policies for European Union and India.
Given that India has the largest user base for WhatsApp in the world, this discriminatory treatment to Indian users shows a lack of respect for the interests of Indian citizens by WhatsApp. In this context, Government reminds WhatsApp that it has a sovereign right to protect the interests of Indian citizens and it shall not compromise on that at any cost.
The government has also sent a list of 14 questions to WhatsApp seeking responses on various privacy and data security concerns.
The key questions are:
* Disclose the exact categories of data that the WhatsApp application collects from Indian users.
* Give details of the permissions and user consent sought by the WhatsApp app and utility of each of these with respect to the functioning and specific service provided.
* Does WhatsApp conduct profiling of Indian users on the basis of their usage of the application? What nature of profiling is conducted?
* Details of difference between WhatsApp privacy policies in other countries and India.
* Does the WhatsApp app share data with any other app or business unit of the same company or associated companies? Share details of the data flow among these apps, business units, or associated companies.
* Does the WhatsApp app capture the information about the other apps running on the mobile device of the user? If yes, what information is being captured by the app and what purpose is it being collected and used?
* Details about the server when data of Indian users is transmitted or hosted.
* Has the company or application provided any access to a third party to access a user’s personal data? If yes, then share those details.