An Elephant in the Room – Recent Case of WhatsApp Fallout Amongst Indian Users
By Kamesh Shekar
Users in India recently received an update notification from WhatsApp on changing terms and privacy policy.This notification caused a spurt of turbulence and high-octane debates amongst the Indian users on consumer choice, privacy safeguards on protecting the personal messages etc. The restlessness amongst users, post the notification, also led them on a path to finding alternatives, as most Indian users ended up downloading Signal. Adding to this, some local influencers such as Vijay Shekhar Sharma (CEO, Paytm) also suggested their Twitter followers to switch to Signal, as they found Facebook’s seeming monopolistic power uncomfortable. Reacting to this, the Union Government on January 19, 2021, asked WhatsApp to pull back its changes to the privacy policy and emphasised the importance of consumer choice
On the other hand, to get this straight, WhatsApp took out a front-page advertisement in popular newspapers and put out a WhatsApp status to re-emphasise their privacy promise. Further, to ameliorate the situation, WhatsApp on January 15, 2021, announced a delay in implementing the new privacy policy up till May 15, 2021.
In this blog post, I intend to examine this issue more in-depth to understand whether some of the users’ concerns highly regarded post the notification are only related to a particular App or uptick in overall concerns in general.
Privacy Problem
The privacy policy update of the app, dating July 7, 2012, states that “in the event that WhatsApp is acquired by or merged with a third-party entity, we reserve the right to transfer or assign the information we have collected from our users as part of such merger, acquisition, sale, or other change of control”. In 2014, WhatsApp did shake their hand with Facebook, which gives them the right to transfer information to Facebook. Further, in a privacy policy update dating back to August 25, 2016, WhatsApp added a section on ‘Affiliated Companies’ to include information sharing with Facebook as part of the policy. Thus, the lack of consumer choice in information sharing with Facebook, one of the recently raised concerns, has been a problem since we, the users joined the app (if we joined the app on/post August 25, 2016).
In case of the users who joined the app before 2016, WhatsApp had provisions in their privacy policy, stating that they may amend the policy in the future. This broad provision gives them room to modify their policy anytime and way. Since many messaging apps (including Signal) have the same provision for policy update, what if the alternative we move towards also fails us in the same way? Our experience with WhatsApp also shows that privacy is being used as a selling point or a commodity. When WhatsApp came into the market in 2009, it promised us not to sell our data to a third party, but it changed later. This shows that, like e-commerce platforms that practice predatory pricing to capture the market share, the messaging apps use privacy as a tool to capture market share as well.
If privacy on WhatsApp was a real concern, why didn’t users realise this long ago? Maybe because (a) WhatsApp doesn’t take steps to inform the users on the update, (b) Users did not visit back to read the update or read the privacy policy in the first place. Nevertheless, the privacy problem that we are concerned with is not specific to an app or a third-party provider; instead, the problem is universal and lies within the laws which govern these apps. Therefore, there is a need for a legal provision that tackles the update clauses of social media/messaging apps policy to ensure they do not take a reverse course. Additionally, while recently WhatsApp did notify users on changing terms and privacy policy, “Update To Our Policy” section in the privacy policy places the onus on the users to revisit the policy from time to time for updates. Therefore, the law must ensure that the liability of informing the users on the changes falls on the platform. The legal provision must ensure that the consumer data protection and choice architecture is core to the information sharing with third parties. Further, it is also essential to educate users on digital privacy through various awareness programs specially tailored to the apps they frequently use to avoid late and baseless ex-post reactions like the recent WhatsApp fallout.
Data/Information Problem
Is it just our messages being shared that is causing all this trouble? Well, then we are on a wrong path for the right cause. WhatsApp categorises data/information into three types according to its source, i.e., the information we share, information automatically collected, and information gathered from third parties. Messages fall under the information we share, WhatsApp still has the end-to-end encryption intact, and it does not see, store or share our messages with third parties. Therefore, the problem isn’t the messages per se; instead, we should worry about the metadata/behavioural information that we share, which is collected automatically (such as login/out details, status information, transaction information etc.) or through third parties with our consent for a long time.
Further, as stated in both WhatsApp and Signal’s privacy policies, they share our data/information with the third party for services, post which shared data/information falls under the third party’s discretion. What if the third party does not have a robust privacy policy? Besides, if we are concerned about WhatsApp sharing our data/information with Facebook, what about the other way round. WhatsApp’s privacy policy states that the data/information sharing is not unidirectional, where they also receive data from Facebook. So, should we leave Facebook too? The solution is not quitting or finding an alternative in search of privacy; instead, there has to be a legal provision that applies uniformly across platforms, apps etc. to ensure purpose limitation, consumer protection, data protection and metadata regulation. As India is in the final step of enacting the personal data protection bill and starting the conversation on regulating non-personal data, it is high time that the respective committees test the law for uniformity and interoperability.
Monopoly Problem
While it is believable that this entire scene of us (users) trying to find out an alternative for WhatsApp will bring an end to Facebook’s monopoly, well, in reality, is it so? We have moved beyond a point where the usage of Apps like WhatsApp has become inevitable, and this entire consciousness of privacy is not universal as many Indians might still ignore the update and continue using the service from May 15, 2021 (which was previously February 8, 2021). Further, moving towards an alternative will also be a tedious process as it might take time for networks effect to kick in. Despite these cons, if we still believe that to some extent, this recent incident might break the monopoly, what is the assurance that we might not have another monopoly in the future?
Then, is a monopoly WhatsApp’s problem? In case of the platform economy,the formation of monopoly is inevitable, especially in social media platforms because of (a) network effects (b) lack of cross-platform communication. While the network effect does help improve the value of the service (where users are well connected and business can reach their customers at free of cost), the lack of cross-platform communication might hamper the competition in this space. Thus, the problem is not the monopoly of a particular app; instead, the lack of interoperability amongst platforms is predatory. Suppose we believe that we need more competition and safeguards against monopoly in this sector. In that case, we need a legal provision that mandates cross-platforms communication, like Telecom Service Providers where irrespective of whichever carrier we use we can talk and text each other.
Conclusion
While we are overwhelmed by the user’s ex-post reaction to WhatsApp fallout and promises of other apps for privacy, we shouldn’t forget that there are still no laws in India that safeguard users from the private entities’ business motives. Besides, stricter laws have proven to be protective – WhatsApp has different rules for users within the European Union boundaries due to the GDPR in place. Therefore, we need a legal framework that questions these malpractices and ensures it looks at things from a long-sighted perspective. Further, it is also important to have synergy between various legal frameworks to have better consumer protection and outcomes.
The author is a tech policy enthusiast. He is currently pursuing PGP in Public Policy from the Takshashila Institution. Views are personal and do not represent Takshashila’s recommendations.