India / No deferment of May 15 privacy policy deadline: WhatsApp to Delhi High Court

New Delhi: Mobile messaging service WhatsApp told the Delhi high court on Monday that it has not deferred the May 15 deadline for users to accept its new privacy policy. The social media intermediary told the court through his lawyer Kapil Sibal that it is trying to get users on board but in case they don't agree, their accounts will slowly be deleted.

"We have asked users to agree to policy. If they don't agree we will delete them... there is no deferment of policy," Sibal told the court.

The company had pushed back the deadline for its contentious new privacy policy launched in January this year. The updated policy will allow WhatsApp to share some data about users' interactions with business accounts with its parent company Facebook.

The high court adjourned the matter for till June 3 even as Additional Solicitor General (ASG) Chetan Sharma and petitioners sought status quo. The ASG urged the court to record the statement of WhatsApp's counsel that the company will conform with the Indian law and maintain status quo where neither the account or the data is deleted if they revoke their permission/consent for the new privacy policy.

However, WhatsApp objected to the stay and the company's lawyers said they would not make any such statement.

The hearing was held on a petition filed by Seema Singh, through her advocate Meghan, and law student Chaitanya Rohilla challenging the WhatsApp's new privacy policy.

The petitioners sought directions to the Centre to ask WhatsApp to either roll back their policy or provide an option to the users of their platform to opt-out of the January 4, 2021 update. The petitioners also sought to provide the users who have accepted the privacy policy another option to make a choice.

The company had pushed back the roll-out of the policy, but reiterated in February that it will go ahead with its decision. This came despite the government writing a letter, asking the company to abandon its plans.

In its affidavit, the Centre had told the court that the new privacy policy does not provide the opportunity to review or amend the full information submitted by a user, pointing out that the changes allowed to be made are limited to the name, picture, mobile number and “about” information.

The Centre cited the 2011 IT Act rules to contend that the updated privacy policy fails to specify the types of “sensitive personal” data being collected, and with whom the information was being shared.

According to the 2011 rules, there are eight categories of information that qualify as sensitive personal data, including user passwords, financial instrument and transaction information, and biometrics information.