New Delhi: Why shouldn’t a user sharing personal data on Whatsapp and Meta platforms, which generate advertising revenue by sharing the data, be paid a part of that revenue, or why shouldn’t the commercial gains of these companies be taxed?
This was one of the central questions posed by the Supreme Court to the government on Tuesday as a bench led by Chief Justice of India Surya Kant pointed to the gaps in India’s Digital Personal Data Protection (DPDP) Rules notified in 2025, indicating how it falls short in addressing the “value” and monetisation of personal data.
The court drew reference from the European Union’s data protection framework which treats user data as an economic asset capable of generating taxable value, explicitly recognising that user data has an assessable value.
The court said, “Every silo of data, irrespective of privacy, has a value, we would like to examine, what is the rent sharing of data…we are concerned about how our behaviour is utilised and monetised for trends… You are using the data for the purpose of targeted online advertising.”
Such usage, the court observed, raised questions that India’s DPDP Act does not currently answer.
The Bench, also comprising Justice Joymalya Bagchi and Justice Vipul Pancholi, was hearing appeals filed by Meta Platforms Inc. and WhatsApp LLC against a judgment of the National Company Law Appellate Tribunal (NCLAT).
The NCLAT had upheld a Rs 213.14-crore penalty imposed by the Competition Commission of India (CCI) for abuse of dominance arising from WhatsApp’s data-sharing practices of 2021.
The court was also seized of a cross-appeal by the CCI which challenged the NCLAT’s decision insofar as it overturned a five-year ban imposed by the CCI on Meta and WhatsApp on sharing user data for advertising purposes.
The NCLAT did not agree with CCI’s finding that the companies had unlawfully leveraged WhatsApp’s dominance into Meta’s advertising ecosystem. Although, it did uphold Rs 213.14 crore of penalty imposed on Meta Platforms.
Also Read: SC tells WhatsApp to alert users that new privacy policy’s not a must — ‘publicise it twice’
The ‘value’ of data
At the outset, the Bench was informed Tuesday that WhatsApp had already deposited the Rs 213.14 crore fine levied by the CCI.
However, Chief Justice Kant made it clear that the court would not proceed with hearing the appeals filed by Meta and WhatsApp, unless they furnished an undertaking assuring that users’ personal data would not be misused.
Justice Bagchi also expanded the scope of the Court’s concern beyond privacy alone, pointing to the economic exploitation of user behaviour. The bench noted that user behaviour was being tracked, analysed, and monetised, particularly for targeted online advertising.
Justice Bagchi said that the DPDP Act does not address the issue of “value” on data sharing, unlike the EU Regulations that explicitly recognises that data has an assessable value.
Solicitor General Tushar Mehta said that in the EU Regulations, there is a value put on data shared, and it is taxable with a notional value. He agreed to discuss the court’s viewpoint with the appropriate authorities.
‘Decent way of committing theft’
During the hearing, Chief Justice Kant made strong oral observations relating to Meta and WhatsApp undermining constitutional protections. “You can’t play with the right of privacy of this country, in the name of data sharing. You are making a mockery of the constitutionalism of this country. How can you play with the right to privacy of people like this?”
Sharing a personal experience during the hearing, CJI Kant said, “If a message is sent to a doctor on WhatsApp that you are feeling under the weather, and the doctor sends some medicine prescriptions, immediately you start seeing ads.”
He also questioned Whatsapp and its parent company Meta about the user having an option to opt-out of the privacy policy if need be.
“Where is the question of opt-out? Show me on your mobile. This is a decent way of committing theft of private information… If the users have a right to opt-out, how will the users know this right exists? Let us see the option and the situation with the user…..How will a person know?” asked CJI Kant.
The case
In November 2024, the CCI concluded that Whatsapp’s behaviour amounted to “an abuse of dominant position” under the Competition Act, 2002, and it imposed a penalty of Rs 213.14 crore.
Against the CCI’s order, Meta and WhatsApp moved the National Company Law Appellate Tribunal in January 2025.
In November 2025, the NCLAT partly upheld their challenge by removing the five-year ban on the use of user data for advertising, but it allowed the monetary penalty to stand.
EU data rules & India’s DPDP
Under the EU’s General Data Protection Regulation, data protection is treated as a fundamental right, and individuals are entitled to compensation if they suffer material or non-material harm due to breaches.
The EU’s GDPR also provides severe penalties for violations, with fines going up to €20 million or up to four per cent of a company’s global annual turnover.
By comparison, the DPDP Act and Rules do not incorporate a mechanism for recognising or taxing the economic value of data, nor do they contemplate revenue sharing or compensation based on data monetisation.
The court adjourned the matter to allow Meta and WhatsApp to file detailed affidavits, explaining the operation of their privacy policy and data-sharing mechanisms.
The next hearing is scheduled for February 9, when the Supreme Court is also expected to consider issuing interim directions. The Union of India was formally impleaded as a party to the proceedings during Tuesday’s hearing.
Edited by (Ajeet Tiwari)
Also Read: A citizen’s caste census red-flag that SC found ‘relevant’