A bench of chief justice DN Patel and justice Jasmeet was told by the Centre in an affidavit that though the rules framed in 2011 under the Information Technology Act prohibits sharing of information with third parties, WhatsApp has stated that data and information will be freely shared with and received by other companies owned by Facebook.
It said that no details were given about the third parties with whom the information will be shared, and submitted that since the contract of a user is only with WhatsApp, all other Facebook companies are “third parties” and any sharing of data between them amounts to a violation.
The matter will be heard on April 20.
“WhatsApp has stated that data and information will be freely shared with and received from other Facebook companies. Since the contract of the user is only with WhatsApp, all other Facebook companies are ‘third parties’ and any inter-sharing of data obtained by it will amount to violation of the restriction on further disclosure,” it added.
WhatsApp was under fire by critics who said users will now not have an option but to consent to the sharing if they want to keep using the application. The company pushed back the roll-out of the policy to May 15 but reiterated in February that it will go ahead with its decision. This came despite the government writing a letter, asking the company to abandon its plans.
WhatsApp did not respond to requests for a comment.
Reacting to the Union government’s response, advocate Meghan said: “The three rights prayed before the court to be declared authoritatively have not been talked about in the counter affidavit.” The three were the right to seek confirmation, access and rectification; to objection, restriction and portability of the data; and to be forgotten as part of Article 21 and the intrinsic to the right to privacy.
He also said the government has not proposed any measure to protect user privacy in the interim. “The mechanism to protect the citizen’s privacy in the interim has also not been heeded in the counter affidavit,” she added.
The government said that, in accordance with law, WhatsApp is required to explain the types of “personal” and “sensitive personal” information, but WhatsApp has used general terms to enlist the kinds of data collected, and made no distinction between “personal” data or “sensitive personal” data.
According to the 2011 rules, there are eight categories of information that qualify as sensitive personal data, including user passwords, financial instrument and transaction information, and biometrics information.
“It is heartening to see the stand of the government because normally, they don’t take such stands. But here the contraventions are so deliberate and intentional, that the government has no choice to take this stand because it has to protect the privacy of the citizens. Also the government can take action against WhatsApp under the new IT rules brought on February 25,” he added.