Digital privacy, a basic millennial need often brushed off by legislators, resurfaced with WhatsApp’s insidious privacy update. The updated terms of service mandates information-sharing with Facebook and its partner companies under the pretense of service integration, raised eyebrows on social media and hurled users in a frenzy. WhatsApp’s my-way-or-highway approach forcing users to accept the new privacy policy has set off alarm bells ringing for the privacy-conscious users, who are now making a beeline to dump the app and shifting to more secure and reliable alternatives, such as Signal and Telegram. 

However, surprisingly WhatsApp operates within the existing legal framework of India’s privacy legislation therefore jeopardizing and compromising the privacy of Indians leaving them with little to no respite from data privacy violations. Recently, India marginally moved closer towards realizing the Right to Privacy guaranteed under Article 21 of the Constitution with the enactment of the Personal Data Protection Bill, 2019. Unfortunately, several nuances, procedural and administrative details have not been adequately clarified under the Bill. Therefore, the Bill lacks tooth and nail to fight against rising data breaches and cyber attacks in an increasingly digitized commercial environment amidst the pandemic.

Moreover, the Information Technology Act 2000/2008, suffers from grave shortcomings on the data privacy front. For instance, the IT Act provides for data collection and usage standards, but overlooks on establishing a framework for data storage techniques, user consent and data processing standards. In an effort to surmount the shortcomings, the IT Act was amended to include Section 43-A and Section 72-A, which give a right to compensation for improper disclosure of personal information. Subsequently, additional rules issued by the Information Technology Rules, 2011 impose additional requirements on commercial and business entities in India relating to the collection and disclosure of sensitive personal data or information which bear some similarities with the GDPR and the Data Protection Directive, which recognize the right to privacy. However, expectations from the Bill and its Data Protection Authority to be at the standard of G.D.P.R. without any experience is a tall ask.

This lack of robust data protection regime and regulatory inexperience provides a conducive environment for heightened data breaches and privacy violations. Although the PDP Bill urges adoption of ‘privacy by design’ to maintain transparency and accountability regarding its general practices on processing of personal data, implementing appropriate security safeguards and implementing procedures and mechanisms to address grievance of data principals. Thus, the mere existence of the PDP Bill and Right of Privacy as a Fundamental Right without implementation of an appropriate mechanism and framework has invariably lead to a dead letter regime. Therefore, in light of the mass digitization of businesses followed by an increased dependence on the internet for business and leisure on account of the pandemic necessitates the need to plug the gaps and provide the country with a robust data protection law. The recent privacy policy update by WhatsApp indicates the need for a stronger, comprehensive legislation and propels the privacy-conscious users to address the legal vacuum left unattended otherwise. In view of the fast-evolving online commercial industry, it is imperative to establish an Authority that helps identify and penalize offenders so as to materialize Privacy in letter and spirit and save it from being left as a half-baked promise.

Author- Sonam Chandwani, Managing Partner, KS Legal & Associates

0 CommentsClose Comments

Leave a comment

Newsletter Subscribe

Get the Latest Posts & Articles in Your Email

We Promise Not to Send Spam:)