WhatsApp officials, however, said the new policy “does not expand our ability to share data with Facebook.”
“We wish to reinforce that this update does not expand our ability to share data with Facebook. Our aim is to provide transparency and new options available to engage with businesses so they can serve their customers and grow. WhatsApp will always protect personal messages with end-to-end encryption so that neither WhatsApp nor Facebook can see them. We are working to address misinformation and remain available to answer any questions.” a WhatsApp spokesperson told ThePrint.
What the letter says
Some of the key questions the IT ministry wants WhatsApp to answer are:
-Disclose the exact categories of data that WhatsApp application collects from Indian user
-Give details of the permissions and user consent sought by WhatsApp app and utility of each of these with respect to the functioning and specific service provided
-Does WhatsApp conduct profiling of Indian users on the basis of their usage of application? What nature of profiling is conducted?
-Details of difference between WhatsApp privacy policies in other countries and India
-Does WhatsApp app capture information about other apps running on the mobile device of the user?
The source said WhatsApp’s latest policies indicate it will be collecting “vast amount of highly invasive and granular metadata from their [user] chats with business accounts and share it with other Facebook companies”.
The source told ThePrint that since WhatsApp and Facebook have large user base in India, consolidating sensitive information means large number of Indians too will be exposed to “greater security risks and vulnerabilities creating a honeypot of information”, adding that creating such a honeypot is “dangerous”.
The letter, according to the source, also said the proposed data integration between WhatsApp and Facebook gives users no option to opt out of this integration.
“This ‘all-or-nothing’ approach takes away any meaningful choice from Indian users. This approach leverages the social significance of WhatsApp to force users into a bargain, which may infringe on their interests in relation to informational privacy and information security,” the source said citing the letter.
Also read: Not just Signal and Telegram, more apps offer ‘true privacy’ as WhatsApp popularity wanes
‘India examining Personal Data Protection Bill’
The source said the IT ministry has told WhatsApp that India is currently examining the Personal Data Protection Bill, and that “making such a momentous change for Indian users at this time puts the cart before the horse”.
Since the data protection bill “strongly” adheres to the principle of “purpose limitation”, WhatsApp’s changes could mean “significant implementational challenges for WhatsApp should the Bill become an Act”.
The ministry, the source said, also raised “strong objections” against WhatsApp’s perceived “differential treatment” of Indian users compared to European Union users.
According to the source, the ministry said in the letter “the differential and discriminatory treatment of Indian and European users is attracting serious criticism and shows lack of respect for the rights and interests of Indian citizens, who form one of the largest user base for WhatsApp.”
The report has been updated to include WhatsApp’s statement