WhatsApp’s Separate User Data Privacy Policy For Europe And Other Countries Like India

The Facebook owned messaging app WhatsApp is applying double standards for implementation of its changes in data privacy policy and sharing of user data.

The messaging app has confirmed that its policies on data-sharing remain unchanged for users in Europe while its millions of users in India will have no other option but to allow sharing of their data with WhatsApp with its parent company Facebook and other group companies.

This has drawn calls for stringent data protection law in India as WhatsApp gets ready to roll out separate privacy and data sharing policies for Europe and markets like India.

User data from the users of its European Region is not is not shared by WhatsApp with Facebook for the later to enhance its products or ads.

“There are no changes to WhatsApp’s data-sharing practices in Europe arising from this update. It remains the case that WhatsApp does not share European Region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or ads,” Niamh Sweeney, Director of Policy for WhatsApp, Europe has said.

The company updated the same on the FAQ webpage of WhatsApp Europe. Under the European data protection laws, WhatsApp’s terms of service and privacy policy update for the European Region did not require its users to mandatorily agree to the messaging app sharing user data with Facebook in order to continue to use the service, the company’s official further said.

WhatsApp would have also applied the same privacy and data sharing policy updates for the European Region but have been prevented to do so because of the General Data Protection Regulation (GDPR) law that was passed in 2018 by the European Union.

“The General Data Protection Regulation (GDPR) in Europe is a stringent and robust law protecting privacy and data of its people, unlike India where Personal Data Protection bill is yet to be enacted into a law” Dr. Karnika Seth, Cyber law expert and Founding Partner at Seth Associates tells India Today.

Under the well-defined GDPR regulations, businesses and service providers are obliged to collect only essential information from users that are absolutely necessary to provide services or face hefty penalties.

In comparison there is a distinct lack clarity and enforcement mechanism for data security and privacy in India. 

“Section 43A of the IT Act, 2000 puts an obligation on businesses to adopt reasonable security practices to protect user’s personal data and adopt clear privacy policy in this regard” says Seth. That should include what and how information gets collected from users, the lawful purpose of such collection, and should require express consent from a user in the case of transfer of their personal data. Companies should also be mandated to declare the intended recipients of data and user information and the manner in which such transferred data would be used.

“However, enforcement is a challenge, user often cannot discharge burden of proving their data has been collected illegally or for unlawful purpose, or based on ambiguous terms and cannot prove such data’s misuse to claim compensation” explains Seth.

(Adapted from IndiaToday.com)

Categories: Regulations & Legal, Strategy, Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: