WhatsApp and the wait for Data Protection Bill – The Hindu BusinessLine

Clipped from: https://www.thehindubusinessline.com/business-laws/whatsapp-and-the-wait-for-data-protection-bill/article35266846.ece?homepage=true

Any business is entitled to follow the letter of the law – it is up to the governments to bring the letter of the law in complete sync with the spirit of the law

Harish Salve, WhatsApp’s counsel, has pressed the pause button on a legal brawl by telling the Delhi High Court that the messaging service provider will not enforce its new ‘privacy policy and terms of service’ until the Personal Data Protection (PDP) Bill, 2019, becomes law.

Also read: WhatsApp tells HC privacy policy on hold till Data Protection Bill comes

“Rather than vilify a company for following the letter of the law, India should focus on why there isn’t a better one,” writes Probir Roy Chowdhury, an advocate with the law firm, J Sagar Associates, in Mondaq.

SPDI Rules

Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, or ‘SPDI Rules’, a service provider such as WhatsApp is not barred from collecting ‘personal information’ such as contact list details, usage or log information or other location-based information; for ‘sensitive personal data’, the service provider should get express consent from the customer, use the data so collected for a lawful activity, provide opportunity to the customer to withdraw consent and not share the data with a third party, unless expressly consented to by the customer. Chowdhury notes that during the hearing, the Delhi High Court observed that WhatsApp users do not have to agree to WhatsApp’s privacy rules as they could easily shift to other messaging networks if they don’t like the rules. Users could also go to other independent platforms of business or avail themselves of other hosting services.

Chowdhury observes that the WhatsApp issue seems to bring back the famous caveat emptor principle – or ‘buyer beware’– which expects the buyer to exercise diligence over his purchase first before blaming the seller for selling a defective product. (Caveat emptor is a part of a sentence in Latin, whose translation is ‘let a buyer beware, for he ought not to be ignorant of the nature of the property that he is buying’.) He argues that the mere fact that the take-it-or-leave it nature of WhatsApp’s privacy policy, where you either click on the ‘I Agree’ button or not, with no scope for negotiations, does not make the policy unconscionable.

Also read: Won’t compel users to accept new privacy policy, WhatsApp tells Delhi HC

Any business is entitled to follow the letter of the law – it is up to the governments to bring the letter of the law in complete sync with the spirit of the law. That is where enter the importance of the PDP, which is modelled on the European Union’s General Data Protection Regulation (GDPR), but only more stringent. For example, as Vijay Pal Dalmia, Partner, Vaish Associates, notes, the GDPR does not concern itself with non-personal or anonymised data, but under clause 91 of the PDP, the government may ask for non-personal data for policy making decisions. So, as of now, WhatsApp’s case rests. One has to see how well WhatsApp’s privacy policy holds up against the PDP. But it is only when the PDP Bill becomes an Act, would one remind himself of the famous words of Gabbar Singh in Sholay: ‘Ab aayega maza’.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s