Menu

WhatsApp Will Punish Users That Don’t Accept Controversial New Privacy Update

Will limit users’ functionality after sending repeat reminders to accept terms India wanted the firm to reverse.

CHENNAI, India — Despite opposition from the Indian government and users, Facebook-owned WhatsApp is set to go ahead with its controversial privacy update.

The instant messaging app said it would not delete any account or limit user functionality on May 15 — the deadline for users to accept its new terms.

The new update targets WhatsApp’s business accounts, choosing to use Facebook services and personalize ads on the social networking site.

WhatsApp, acquired by Facebook in 2014, already shares some limited information such as phone numbers with its parent. The new update will see WhatsApp sharing data like device and location information as well.

In an email to Zenger News, the social messaging platform said its goal was to “provide information about new options they are building that people will have while messaging a business on WhatsApp”.

“While the majority of users who have received the new terms of service have accepted them, we appreciate that some people haven’t had the chance to do so yet,” WhatsApp said in an email to Zenger News.

Despite opposition from the Indian government and users, Facebook-owned WhatsApp is set to go ahead with its controversial privacy update. (Mika Baumeister/Unsplash)

“No accounts will be deleted on May 15 because of this update, and no one in India will lose functionality of WhatsApp either. We will follow up with reminders to people over the next several weeks.”

According to an updated FAQ section, WhatsApp will send persistent reminders after a few weeks, but after that, the firm will limit functionality until users accept the update.

If users still don’t accept it, their accounts will become inactive.

“After a few weeks of limited functionality, you won’t be able to receive incoming calls or notifications, and WhatsApp will stop sending messages and calls to your phone,” the FAQ states.

“WhatsApp won’t delete your account if you don’t accept the update. Keep in mind that separately, our existing policy related to inactive users will apply.”

After 120 days of inactivity, the company deletes accounts, which means users who don’t accept the update will eventually have their accounts deleted.

WhatsApp announced its new privacy update in January, and many users left the app in fear that the platform will share data with parent Facebook despite its claims of end-to-end encryption.

High-profile entrepreneurs such as Tesla’s Chief Executive Elon Musk asked people to use Signal, while Telegram also gained popularity.

In January, about 5.3 percent of Indian smartphone users installed Signal, as per Kalagato, an automated audience profiling and targeting platform. Telegram, too, saw a 5 percent increase in users. WhatsApp’s dip was minimal at about 0.03 percent.

After 120 days of inactivity, the company deletes accounts, which means users who don’t accept the update will eventually have their accounts deleted. (Carl Court/Getty Images)

“WhatsApp is the largest messaging service in the world with over 2 billion monthly active users,” Karan Chechi, director of TechSci Research, told Zenger News.

“It is the most widespread messaging app with more than 400 million active users in India. Given its majority use in India, it would take a lot for people to shift their social circles to a new app,” Chechi said.

WhatsApp had to postpone the rollout to May 15. It came up with front-page ads in newspapers and wrote series of blog posts to reassure users of their privacy. But the government stepped in to stop the update.

India’s Ministry of Electronics and Information Technology (MeitY) asked WhatsApp to withdraw the policy raising concerns over user information security.

In March, the ministry filed a counter-affidavit in the capital city Delhi’s high court against the new update, saying it violated Information Technology rules, 2011, on five counts. The ministry alleged that the privacy policy did not specify the kind of sensitive data collected, failed to notify users of such data collection, did not let users review or modify the information or withdraw consent, and didn’t provide a guarantee against non-disclosure to third parties.

The ministry’s counter-affidavit was in addition to a pending Supreme Court case against WhatsApp’s 2016 and 2021 privacy policies.

WhatsApp announced its new privacy update in January, and many users left the app in fear that the platform will share data with parent Facebook despite its claims of end-to-end encryption. (Justin Sullivan/Getty Images)

“Facebook purchased WhatsApp in 2014, but they issued press releases saying privacy won’t be affected,” Karmanya Singh, one of the petitioners in the Supreme Court case, told Zenger News.

“But that was a far-fetched reality, and it proved too good to be true when the privacy policy of WhatsApp came into effect in August 2016,” Singh, an intellectual property rights consultant in Delhi, said.

Singh believes the actual devil lies in the details of the policy.

“And how the [2016] policy was worded was vague, — we will share the data ‘with the Facebook family of companies’, we won’t put [data] ‘onto Facebook’ instead of saying ‘with Facebook’. It’s not something an average user can understand,” he said.

Singh was a 19-year-old student when he and Shreya Sethi filed a petition in the Delhi high court where only partial relief was granted. In 2017, they filed a Special Leave Petition at the Supreme Court in response to the Delhi high court decision.

“What you post on Facebook, you sort of know it can go anywhere. But with private messages on apps such as WhatsApp, you think they are only going to the intended person,” Singh said.

While WhatsApp’s 2016 privacy policy largely flew under the radar, its 2021 privacy update saw India’s anti-trust regulator mount an inquiry.

The Competition Commission of India (CCI) ordered an investigation into WhatsApp’s updated privacy policy in March, saying “unreasonable data collection” can grant competitive advantage to dominant players, leading to “exploitative as well as exclusionary effects”.

Facebook and WhatsApp challenged the CCI investigation in Delhi High Court, which was rejected.

While WhatsApp’s 2016 privacy policy largely flew under the radar, its 2021 privacy update saw India’s anti-trust regulator mount an inquiry. (Indu Pandey/Unsplash)

Singh and Sethi filed another application in the Supreme Court this year in response to WhatsApp’s affidavit. They said the company was discriminating against Indian users, unlike those in the European Union.

Users in the EU can choose to opt out of the WhatsApp privacy update due to stringent laws surrounding user data under the General Data Protection Regulation (GDPR).

“There’s the concept of metadata, which is being highlighted time and again, that the content of the message is not the only type of personal data,” Singh said. Metadata provides information about other data. Messages can provide information about things like user patterns or locations.

“The IP address, location, contacts, phone number, [user] behavioral patterns are all identifiable. We also highlighted in the [Supreme Court] application that if you get a Covid-19 test done, the business sends you a message on WhatsApp with your test results.”

“The most personal data like Covid-19 results are now on WhatsApp. So, it’s not like users have the choice of not engaging with business accounts. Once businesses come in, it’s going to be natural for people to engage with them,” Singh said.

The Supreme Court cases and high court cases are ongoing even as the new privacy update is set to come into effect on May 15.

India’s Personal Data Protection Bill, which was introduced in Parliament in 2019, is yet to be passed into law and is still under scrutiny.

The bill states that users have to be notified of the purposes of the data collected, the right of the user to withdraw consent and the individuals or entities with whom the personal data may be shared.

“There are nearly 700 million internet users in India. This figure is projected to grow to over 974 million users by 2025,” Chechi said.

“India does not have a standalone personal data protection law to protect data and information shared or received in verbal or written or electronic form. India needs to have a data protection law with increasing digitalization.”

(Edited by Amrita Das and Gaurab Dasgupta)