It is no surprise that such ‘take it or leave it’ attitude of the most popular communication application attracted severe backlash. So severe, that WhatsApp had to postpone the implementation of the new policy from February to May 2021. Just like 2016, the matter immediately hit the Courts with multiple challenges to the legitimacy of the new 2021 policy. The Competition Commission of India (CCI) also took suo moto cognizance of the matter based on media reports.
On 24 March 2021, the CCI published its order directing a detailed investigation into the conduct of WhatsApp for abusing its dominant position. The CCI would now investigate if, in the garb of this new policy, WhatsApp is trying to exploit its users and further strengthen its market position. The thrust of the order is that the 2021 policy involves collection and commercialisation of extensive personal data of users without their voluntary consent. Moreover, there are no fetters in the new policy on how far WhatsApp can go with the collection and commercialization of users’ personal data. The revised policy is cryptic and unduly expansive.
If such a survey is done in India, it is almost certain that results would be abysmal. Generally, we realise the risk of collection of our personal data when we see media reports on major data breaches. Although such reports create an ephemeral sense of deceit but we soon resign assuming that there is no way to protect our personal data and its collection is inescapable.
This collection and consolidation of users’ personal data can reveal far more intimate details including users’ financial vulnerability, expenditure patterns, location, eating habits and medical data. This data may then be used to profile and target users to take advantage of their needs and vulnerabilities. It is no secret that many entities compile lists of people who suffer from depression, impotence, sexual assaults and other sensitive issues which are then used to exploit people in their most vulnerable moments for making profits.
Globally, “notice” and “consent” play a key role in protecting an individual’s right to privacy and his/her personal data. Whilst WhatsApp may have compromised the ‘notice’ element only to a limited extent by making its new policy cryptic and expansive, it has completely eliminated the element of ‘consent’. To that extent, the CCI’s concerns about a tech magnate’s attempt to abuse its power by impinging on users’ fundamental right to privacy are well placed. There is no doubt that degradation of personal data privacy in digital environment causes consumer harm, adversely affects competition and must concern competition authorities.
Today, individuals are constantly stalked by their smart gadgets such as mobile phones, applications, wearable devices and digital assistants. Your friend ‘Alexa’ may sit quietly next to you and pretend to be asleep until she is specifically called by her name. However, you know that she is creepy enough to be listening to everything you say. In this world of digital assistants, one wonders if it is even possible to monitor the level of personal data being collected for commercialisation. Machine learning is data hungry, and more data means more money.
Given the importance of data and significant monetary value it carries, it is indispensable to ensure that collection and commercialisation of personal data is minimised to make it commensurate with its benefits. To this end, it is imperative for competition authorities to deter any coercive action taken by big tech to commercially exploit users’ personal data against their will.
The contributor of this article is Partner (Competition Law) at DMD Advocates. Views expressed are personal.