WhatsApp New Policy And Data Protection In India
Why in news?
WhatsApp new policy
- It requires users to consent to sharing transaction data, mobile device information, IP address, and data on how they interact with businesses with Facebook group companies.
- The policy allows WhatsApp and Facebook to share user information with businesses and third-party service providers that transact on these platforms.
- Besides the technical front, even on the analytics front the consent has been asked to share details such as the login details and the locational details.
- WhatsApp’s end-to-end encryption clause still remains intact, but this only ensures that it won’t be able to see or share the users’ messages.
What is Data?
- Data is any collection of information that is stored in a way so computers can easily read them (think 011010101010 i.e. binary formats).
- Data usually refers to information about your messages, social media posts, online transactions, and browser searches.
Storage of data
- The physical attributes of data — where data is stored, where it is sent, where it is turned into something useful — are called data flows.
- Data localisation arguments are premised on the idea that data flows determine who has access to the data, who profits off it, who taxes and who “owns” it.
- However, many contend that the physical location of the data is not relevant in the cyber world.
Whatsapp and India
- Whatsapp is the most popular messaging platform in India, owned by Facebook since February, 2014.
- India accounts for 400 million of the total 2 billion WhatsApp users and 310 million users on Facebook globally.
- Also, India is the first country for WhatsApp to launch payment services.
- It has received permission from Indian regulators to go live with 20 million users so far.
- Despite such a wide user base, India has been asked for a forced consent only because India is in a dearth of a stringent data protection law.
Laws for Data Protection across the Globe
- European Union: The primary aim of the General Data Protection Regulation (GDPR) is to give individuals control over their personal data.
- US: It has sectoral laws to deal with matters of digital privacy such as the US Privacy Act, 1974, Gramm-Leach-Bliley Act etc.
Initiatives in India
- Information Technology Act, 2000
- It provides for safeguard against certain breaches in relation to data from computer systems.
- It contains provisions to prevent the unauthorized use of computers, computer systems and data stored therein.
- The Personal Data Protection Bill, 2019
- It is commonly referred to as the Privacy Bill.
- It intends to protect individual rights by regulating the collection, movement, and processing of data that is personal, or which can identify the individual.
- In December 2019, Parliament approved sending it to the joint committee.
- The Bill gives the government powers to authorise the transfer of certain types of personal data overseas.
- It has also given exceptions allowing government agencies to collect personal data of citizens.
- The Bill divides the data into three categories: (1) Personal Data: Data from which an individual can be identified like name, address, etc. (2) Sensitive Personal Data: Personal data like financial, health-related, sexual orientation, biometric, caste, religious belief, etc.; (3) Critical Personal Data: Anything that the government at any time can deem critical, such as military or national security data.
- It removes the requirement of data mirroring in case of personal data.
- Only individual consent for data transfer abroad is required.
- The Bill requires companies and social media intermediaries to enable users in India to voluntarily verify their accounts. WhatsApp New Policy And Data Protection In India
- Virtual ID by Unique Identification Authority of India (UIDAI) :
- It seeks to ensure Aadhaar privacy- It aims at eliminating the need to share and store Aadhaar numbers
- An Aadhaar holder can use Virtual ID in place of his/her Aadhaar number at the time of authentication
- Draft Digital Information Security in Healthcare Act (DISHA), 2018:
- It seeks to ensure protection of data related to physical, physiological and mental health condition, sexual orientation, medical records and history and biometric information
- In this digital age, data is a valuable resource that should not be left unregulated. In this context, the time is ripe for India to have a robust data protection regime.
- It is time that requisite changes are made in the Personal Data Protection Bill, 2019. It needs to be reformulated to ensure that it focuses on user rights with an emphasis on user privacy. A privacy commission would have to be established to enforce these rights.