In 2016, WhatsApp changed its privacy policy to permit WhatsApp to share data with Facebook. This policy change was challenged through a writ petition by Karmanya Singh Sareen in the Hon’ble Delhi High Court (“High Court”). The High Court provided partial relief and disposed of this writ petition in the same year. In December 2016, Karmanya Singh Sareen and Shreya Sethi filed a Special Leave Petition (“SLP”) in the Hon’ble Supreme Court challenging the High Court’s judgment. This post deals with the issues raised, arguments made and the court’s observations in the ongoing case of Karmanya Singh Sareen v. Union of India.
Judges
A 5-Judge Bench, consisting of Justices Dipak Misra, A. K Sikri, Amitava Roy, A. M. Khanvilkar and M. M. Shantagoudar heard the arguments in this case.
Parties to the case
| Petitioners | Respondents |
| Karmanya Singh Sareen | Union of India |
| Shreya Sethi | WhatsApp Inc. |
| Facebook Inc. | |
| Facebook India Online Services Pvt. Ltd. | |
| Telecom Regulatory Authority of India |
Timeline
| Date | Particulars |
| 19th February, 2014 | Facebook announced it was acquiring WhatsApp. |
| 26th August, 2016 | WhatsApp announced a change in its privacy policy. As a part of the Facebook family of companies, WhatsApp receives and shares information with the Facebook family.[1] |
| 29th August, 2016 | Writ Petition No. 7663 of 2016 filed by the petitioners to protect the rights of users of WhatsApp. |
| 23rd September, 2016 | The Delhi High Court disposed of the writ petition in Karmanya Singh Sareen v. UOI[2] and passed partial relief to the petitioner. The judgment stated that information/data and details of non-existing members as on 25/09/2016 shall be deleted and information up to 25/09/2016 of existing members shall not be shared. |
| 17th December, 2016 | SLP (Special Leave Petition (Civil) No. 804 of 2017) was filed against the impugned final judgment of Delhi High Court in Karmanya Singh Sareen v. UOI, dated 23.09.2016
The following are the major issues which were raised: · “Whether the right to privacy of users of millions of citizens of India is violated by the Privacy Policy of August 2016 of WhatsApp?”[3] · “Whether internet messaging services which equip users to exchange text/audio/video messages, data and make audio/video calls constitute ‘Telecommunication’ services and are liable to be regulated by the relevant authorities?”[4] · “Whether WhatsApp’s conduct of not providing an option to the User ‘not to share’ data with Facebook is contrary to law?”[5] · “Whether the manner of obtaining consent of users under the new privacy policy, including from children from the age of 13 years is misleading, deceptive and unlawful?”[6] · “Whether directions would be required to be issued to protect the interest of the users of “WhatsApp” and whether such directions should contain a specific option for the User to ‘Not to share’ data with Facebook?”[7] |
| 17th March, 2017 | Facebook Inc. submitted a counter-affidavit, stating reasons as to why the petition is not maintainable against them:
· The users have voluntarily entered into the agreement and hence it is a consensual contract. · Facebook and WhatsApp are private bodies and are therefore not amenable to the writ jurisdiction of the High Court. Consequentially this SLP is also not maintainable because it arises out of the writ petition. · The Information Technology Act, 2000 along with the Rules framed thereunder and Indian Contract Act, 1872 already deal with consent, data protection and privacy in the cyber world, thus the High Court did not interfere in this matter, therefore no intervention by Supreme Court is called for. · WhatsApp guarantees the secrecy of message content with the help of “end to end encryption” and thus neither Facebook nor WhatsApp has access to content. · Personal Injustice and harm suffered by Petitioners undermine the assertion of public interest in the petition. Facebook India Online Services Private Limited submitted a counter-affidavit stating reasons as to why the petition is not maintainable against them: · Petition is not maintainable against Facebook India Online Services Private Limited because the information shared by WhatsApp is not received by Facebook India. · The terms governing the use of Facebook service are entered between users located in India and Facebook Ireland Limited and thus petition should be dismissed against Facebook India Online Services Private Limited. · Facebook India Online Services Limited does not own, operate, control or host the Facebook service or WhatsApp service or the servers that host the Facebook service or the WhatsApp service instead it deals with marketing support, technical support and sales support. |
| 20th Mar, 2017 | The Department of Telecommunication filed a counter-affidavit denying the averments made against Union Of India by the petitioners. It gave the following reasons:
· Telecom Service Providers do not have control, rights, and responsibilities for the content of Over-The-Top services (OTT) (services which are accessible over the internet and ride on telecom operators for e.g. WhatsApp). · TRAI has already issued a consultation paper on regulating OTT and is yet to submit its recommendations to the Department of Telecommunications. · To consider economic, security, privacy, innovation etc. related impact of OTT services, a committee on net neutrality has been formed. · Department of Telecommunications shall finalize policy direction on the regulatory and licensing framework for OTT services. |
| 21st Jul, 2017 | Day 1 of arguments: Parties argued on maintainability of the writ and requirement of the regulatory framework for data sharing services.
· The petitioners argued that since the relief is sought against the state, therefore, the writ is maintainable. · Petitioners argued privacy is a common law right, hence the state must regulate data sharing and enact legislation to protect privacy rights. Examples of other countries who have taken steps for data sharing were relied upon. · Entities and companies providing public service can and must be regulated. This argument was made referring to Professor Laurence Tribe on different manifestations of state power. · It was also argued on behalf of petitioners that myth of private contracts shall be attacked if it affects constitutional rights under article 14, 19, and 21. · The respondents contended that nothing has been or will be shared between Facebook and WhatsApp. · Arguments as to including other similar services as respondents were brought up. Example of ‘BHIM’ application was posed as they also access user data. · Respondents claimed that court shall only be approached in case of misuse of data and not against its possibility of being misused. · The Government affirmed that it is ready to implement a workable regulatory regime. Chief Justice of India (CJI), who was on the bench, rejected some of the above-mentioned arguments. In response to ‘other services’ being made a party, he stated that the case cannot be dismissed on this ground. In reply to approaching the court in case of the possibility of misusing data, he said that if the privacy policy of WhatsApp violates Article 14 of the Constitution of India, then the question of ‘whether injury has been suffered or not’ becomes immaterial.
|
| 06th Sep, 2017 | Day 2 of Arguments: Arguments regarding data protection framework of WhatsApp were raised on this day:
· The petitioners began their argument by stating that the right to privacy can be applied even against nonstate actors. · It was also argued that Metadata (set of data giving information about other data) was being shared between Facebook apart from the content being shared. · WhatsApp’s ‘take it or leave it’ contract violates article 19(1)(a) as informed consent is a facet of article 19(1)(a). · Petitioners contended WhatsApp has gathered a large consumer base owing to their stringent privacy policy in their initial stage. Now hidden considerations are imposed after building a loyal consumer base which is an unconscionable bargain. · Respondents, on the other hand, contended that it was mentioned in the policy that it could be changed if there is a merger. It was argued that much more data is being shared by Google. · Counsel on behalf of Government brought to note that a law in relation to data protection can only be brought up after a report of Committee of Experts to deliberate on a data protection framework for India. · Counsel arguing on behalf of Internet Freedom Foundation urged the court to lay guidelines as laid in Vishakha Judgment.[8] The bench rejected that argument of data being shared by Google stating that if other entities also share data, it does not become a correct practice. On request of respondents for introducing guidelines as done in the Vishakha[9] judgment, the bench said that it was a result of legislative inaction and in present case comments of experts have already been sought. The bench also asked Facebook and WhatsApp to file affidavits explaining what data is being shared by them.
|
Status of the case
The case is currently pending before the Hon’ble Supreme Court and no further information is available.
[1] https://www.whatsapp.com/legal/#privacy-policy-affiliated-companies
[2] Karmanya Singh Sareen v. UOI, 233 (2016) DLT 436.
[3] https://www.whatsapp.com/legal/#privacy-policy-affiliated-companies ¶ 2.1, Page 19
[4] Ibid., ¶ 2.2, Page 19.
[5] Ibid., ¶ 2.4, Page 20.
[6] Ibid., ¶ 2.5, Page 20.
[7] Ibid., ¶ 2.8, Page 20.
[8] Vishaka & Ors vs State Of Rajasthan & Ors, (1997) 6 SCC 241
[9] Ibid.
Leave a Comment