Whatsapp Privacy Policy: Click (bait) “Agree”

In 2020, WhatsApp, the instant messaging service boasted of 2.7 billion users. In 2021, it had estimated about 2.87 billion users. Until recently, WhatsApp service was the primary means of electronic communication in multiple countries. A large chunk of the user base is in India. India accounts for WhatsApp’s largest market share. Besides, its user base is present Latin America, Europe and Africa. All this is set to change with the introduction of the WhatsApp updated privacy policy.

On 4th January 2021, WhatsApp released its periodic privacy policy update. Only this time, the privacy policy was not routine. The updated privacy policy made it mandatory for its Non-European users (including India) to “Agree” (literally click on the “agree” icon) to accept its terms and conditions failing which the accounts and services would stand terminated after 8th February 2021 for the respective user. Understandably, this has stirred a hornets’ nest.  


Founded in February 2009 by two former Yahoo employees after seed funding by few other Yahoo employees, WhatsApp was introduced as freeware, cross platform messaging and voice over IP (VoIP). Installing the app enables users to send text messages, voice messages and share images, pictures, documents through this media.

Whatsapp Features: Timeline






Feature(s) introduced

WhatsApp launched by Jan Koum and Brian Acton. 

WhatsApp 2.0 released for use in iPhone.

Software updated to send and receive photos / images



Encryption introduced



Voice messaging introduced


The “Read Receipts” feature is introduced which alerts senders when their messages are ready by recipients. The feature allowing users to disable also introduced for the benefit of users.




WhatsApp Web launched by which WhatsApp can be used on desktops by web browser syncing with mobile devices.

Voice calls were introduced






Document sharing feature introduced. Users could share PDF files with other contacts

End to end encryption (E2EE) feature installed. This protocol ensures information between users is accessible only to them. No third party or service provider can access it.

WhatsApp introduced for both Windows and Mac operating Systems.

Video calls introduced.




Group voice calls introduced

Group Video chats introduced



“Delete for everyone” feature introduced

Between 2009 and 2013 WhatsApp grew step by step with the help of seed funding and venture capital funding. Though there were several attempts by Google to acquire it in 2010, they did not materialize.

Acquisition by Facebook

Since 2005, Facebook has acquired nearly 90 companies. Instagram and WhatsApp are the more famous ones widely used in India and other parts of the world.  

On 19th February 2014, Facebook Inc., (“FB”) announced that it was acquiring WhatsApp for a whopping USD 19 billion, the largest acquisition by Facebook. Surpassing the Google and Apple purchase of other tech companies, the FB acquisition of WhatsApp went on to become one of the largest tech buys of all time. 

The FB deal was sealed with the objective of capitalizing on the ever increasing user base of WhatsApp. A study showed that 70% of users use WhatsApp on a daily basis as compared to less than 60% use of Facebook. By acquiring WhatsApp, Face Book sought to enhance global connectivity through the internet. Facebook plans to systematically spread to parts of the world where internet connectivity is sparse but WhatsApp is widely used.  This is in line with the FB initiative of internet.org which aims to bring internet to lesser developed nations by strategic tie ups with corporates. Eventually FBs agenda seems to be merging all messaging platforms – FB, Whats App and Instagram for users to have a one stop shop communication platform. The objective is garnering a massive user base. Monetization of such platform would be introduced at a later stage.

Concerns / Criticism

Initially, WhatsApp consisted of plain sending and receiving information only. There were concerns of security and data leak as there was no encryption or end to end encryption (E2EE a protocol where information between users is accessible only to them. No third party can access it). 

Encryption was put in place in 2012. However, in 2014 a vulnerability of such encryption was discovered on the Android application that allowed another app to access and read all chats of users. It was then that the end to end encryption (E2EE) was built into the app in 2016.

In 2019, Indian users were up in arms after discovering that internet hackers installed spyware (a malicious software introduced in the system to collect data of the user and pass on to third parties without the knowledge or consent of the user). A malware called Pegasus was introduced. It was a bug fixed in the call functionality of Whats App that enabled transmit details of the user. As Israeli surveillance group – NSO was alleged to be behind this. A number of political leaders, bureaucrats, journalists, human rights activists and lawyers were believed to have been targeted in view of the national elections held in that year. When India sought an explanation from WhatsApp, the company filed a federal law suit against the Israeli group NSO. A grim reminder that nothing was private in the digital world anymore. Understandably, the Indian government was not satisfied with the response. Activities that endanger privacy meant going against its vision of digital India. 

In May 2017, the European Commission alleged that during the WhatsApp takeover by FB, in the course of merger, FB claimed that it was not technically possible to integrate user information and other data from FB and WhatsApp. Automated matching / mapping of identities and other data of FB users and WhatsApp users was not possible. However, on investigation, the Commission found that WhatsApp user information was in fact being shared to the parent company Face Book. As a result, FB was imposed a fine of a whopping 110 million pounds on grounds of providing misleading information at the time of merger.  

The latest updated privacy policy released in January 2021 only seems to reiterate the above. The Privacy policy is of immense concern due to the following: 

  1. It is applicable only to Non-European users. This means that the new privacy policy is applicable to India. This is not applicable to EU since it is European countries are governed by the General Data Protection Regulation (GDPR). It is law on data protection and privacy in the European Union region. Hence WhatsApp cannot share data to Facebook. There is no such regulation governing data protection in India. The Personal Data Protection Bill, 2019 was introduced in the Parliament in December 2019. However, it is yet to become an Act. If the Act were in place, such privacy policy would have become illegal and unenforceable to Indian users in the first place. Further there is limited remedy in the Information Technology Act. While the GDPR has stringent fines and penalties, there is no such law yet in India which provides relief in case of breach or misuse of data.
  2. The privacy policy expressly states that WhatsApp is “one of the Facebook companies”. Starting 8th February 2021, user data from WhatsApp will be shared “across its family of companies”. Clearly, this indicates that personal information (name, number, email id, financial records, passwords, biometrics, medical history, consumer taste and other related details) which individuals provided at the time of registration to use WhatsApp would be used by FB to further their own business interests. such business interests may or may not be of objective use to the user who shared information in the first place. The oxymoron of privacy policy stating they will make public and share information to their other business interests is unmissable!
  3. In the initials years of WhatsApp (before being acquired by Facebook) their privacy policy contained that there would not be use or sale of data to any third party. This changed with the FB acquisition in 2014. Long standing users who continue to use WhatsApp will find it detrimental to their interests. This amounts to breach of trust as they had not signed up for data sharing with all and sundry.
  4. The previous privacy policy(s) expressly stated that they will share data with the parent company and the users had an option either to accept or decline such clause and still continue using the messaging service. The latest Privacy policy expressly states that users must “agree” to the data sharing clause. Else they must exit from the using WhatsApp. The clause itself is restrictive in nature.
  5. Such data collected may be used for various purposes – advertisements, retail selling basis user preferences and the like. However, there is also threat of using such data for commercial exploitation and even to politically influence users.
  6. With access to so much information of a user, experts are of the view that such data sharing will amount to surveillance by Facebook and its group companies by giving a 360-degree virtual view of a person’s online activity.  Even should a user choose to permanently delete his / her WhatsApp account and exit the service, it is possible the information may have already been stored in the Facebook data bank.
  7. In fact, a Writ petition has been filed in the Hon’ble Supreme Court of India seeking a stay on the enforcement of the WhatsApp updated privacy policy dated 4th January 2021. The grounds of objection being violative of the Citizen’s right to privacy guaranteed under the Indian Constitution. It is also viewed a threat to national security if the data should find its way into illegal hands.

A seemingly innocuous Privacy policy has re-ignited a raging debate on data its protection. The fact that India does not have a data protection law gives room for such arbitrary policies to flourish. Majority of WhatsApp users may not be aware of the consequences of agreeing to such a privacy policy. However, there is a growing section of the educated population who are worried for their online safety. With no legal remedy available and no possibility of using WhatsApp unless by agreeing to the privacy policy, the last few weeks have witnessed large scale migration to other safer messaging services like Signal and Telegram.

Not expecting such backlash, Facebook quickly swung into damage control mode. It recently released a clarification that the updated privacy policy does not target private messages with family or friends. Instead, it relates to business related messages exchanged on WhatsApp. It is evident that this tweak in policy is a retention tactic to prevent migration from WhatsApp to other messaging service providers such as Signal and Telegram. Following the widespread uproar, WhatsApp has now announced delay in implementing its new privacy policy and terms of service until May 15, thereby succumbing to the external pressure of WhatsApp users.


Note: For full text of the 4th January updated WhatsApp Privacy Policy



Phone: +919841011111

Email: subathra@akmllp.com