[BreachExchange] The WhatsApp-Facebook case will determine India’s online privacy laws

Destry Winant destry at riskbasedsecurity.com
Fri May 19 03:39:28 EDT 2017


There is no guaranteed right to privacy enshrined in the Indian
constitution. However, in many judgements over several years, several legal
luminaries have interpreted Article 21 – the right to life and liberty as
giving rise to a somewhat limited right to privacy. There are a number of
restrictions to a right to privacy, mostly articulated through
interpretations of various judgements of the Supreme Court. It is in light
of this, that the ongoing case in the Supreme Court challenging the
messaging application WhatsApp’s privacy policy becomes important.

This is primarily because the right to privacy is a lot more complicated
when it is transposed from offline life to an online universe; where
corporations not based in India are used widely by Indians for
communication, knowledge dissemination, etc. Important questions that need
to be asked are who has access to all our tweets and Facebook posts? Who
has access to private photographs shared only with family on a WhatsApp
group? The current case in the Supreme Court essentially deals with these
changes in the privacy policy on WhatsApp. The petitioners contend that
WhatsApp had a far more stringent privacy policy before being acquired by
Facebook in 2014. Now, both content and metadata of users can be accessed
by Facebook. This change is significant because in theory, data collected
by Facebook can be used for tracking and monitoring of users
very easily. Since the social media giant already collects a lot of other
data including location, ‘likes’, friends, etc; giving it more access to
other private details of users’ lives could be dangerous.

India’s first regulation for ‘data privacy’ came through the Information
Technology Act of 2000. This law deals with compensation for negligence in
implementing and maintaining reasonable security practices and procedures
for sensitive personal data or information; and provides punishment for
disclosure of information without the information provider’s consent. In
the case of privacy concerns regarding the unique identity scheme or
Aadhaar database, the attorney general had argued in the Supreme Court
that privacy
is not a fundamental right
guaranteed to Indian citizens; and therefore collecting and storing
biometrics cannot be a violation of such a right. This case is still
underway and has been referred to a larger bench of the Supreme Court.

In light of the complicated jurisprudence surrounding the right to privacy,
the WhatsApp case takes on an important hue. The judgement in the case
could determine the way ahead for privacy – both online and offline – in
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170519/592d24d7/attachment.html>

More information about the BreachExchange mailing list