WhatsApp, its privacy policy, and the Game of Consent
The Government of India and WhatsApp are contesting a suit in the Delhi High Court concerning WhatsApp’s new and revised Privacy Policy, and the way WhatsApp is forcing consent down its users’ throats. WhatsApp initially said that only users who accept the new privacy policy can continue using its services. Non-acceptance would spell restricted access and functionality, and ultimately a total lockout. However, the messaging giant later changed its stance and said that it would not limit functionality for not accepting the new policy.
Although an interesting point of consideration in this litigation is the claim of both parties to be fighting for user privacy, this article would confine itself to dealing with the issue of consent and its legalities. With this background, it is also pertinent to note that on May 3rd, 2021, the Government has filed a Counter Statement before the Delhi High Court stating that WhatsApp has exploited users to trick consent. This article will also attempt to elaborate and break down the essence and the base of that argument.
Consent in Civil Law
The concept of civil consent finds its roots in contract law where consent must be “free consent”. Therefore, to understand consent as a stand-alone term, one has to resort to English Dictionaries. Merriam Webster’s English Dictionary defines consent to be to give assent or approval or agree.
“Free Consent” as found in the Indian Contract Act is has a negative definition. As such, consent must not be vitiated by coercion, undue influence, fraud, misrepresentation and mistake subject to provisions envisioned therein. These factors invalidate consent that has been provided/ received. Through custom, consent has attained a further qualification in the commonly used phrase “consensus ad idem” which means ‘to agree on the same thing in the same sense’. In contractual context, agreeing to the terms and conditions of a contract in the same sense as the other party to the agreement.
Electronic Contract in Indian Law
While the traditional pen and paper agreements were popular and widely used back in the day, the world has evolved into one that is more reliant on technology. Therefore, concepts such as contracts had to adapt. This saw the birth of electronic contracts or e-contracts. When the Indian law caught-up to technology in 2009, an amendment to the Information Technology Act, 2000, added a new provision as section 10A which validated electronic contracts or e-contracts.
The provision reads as follows:
Contract formation through communication of proposals, acceptance, revocation when expressed in electronic form shall not be held unenforceable solely on the ground that electronic form was used.”
Consequently, all requirements of a contract can be obtained/performed through electronic means and methods, and the law does not invalidate any part of it.
Electronic Contracts and Consent
Contracts formed and executed through electronic means have taken various forms and have been categorized into various types for easy understanding. At the end of the day, these are the same contracts within the meaning of the Contract law but they differ in how they obtain user consent. The key take-away from this section is to understand the different methods of taking consent from the end user.
- Shrink Wrap Contract
- Click Wrap Contracts
- Browse Wrap Contracts
Shrink Wrap Contracts are those that are similar to the cellophane packaging that comes with physical packages. The idea behind receiving consent for these types of agreements is that once a user opens the package, the consent is deemed to have been obtained as the terms and conditions are printed on the cellophane packaging itself. Any affirmative act of breaking the package would tantamount to agreeing to the terms and conditions envisioned therein.
Click Wrap Contracts are those that consider affirmative action to be a click of the end user. These agreements generally require the user to click on “I Agree” and then proceed. This is how click wrap agreements obtain consent. Website’s Cookie Policies and Privacy Policies are more often than not click wrap agreements
Browse Wrap Agreements are those that are comparable to implied agreements in contractual law. Where the affirmative action is just your mere presence or that of accessing a particular website although you may not have effectively or actually gone through the terms and conditions of the said website. Accessing a particular website means that you impliedly agree to the terms and conditions set out therein, unless you go out of the way to specifically decline or withdraw your consent.
Consent is yet evolving
In fact, technology has evolved and developed so much that it has brought into existence self-executing contracts that are termed Smart Contracts. Upon meeting certain requirement, these contracts automatically execute the contract as a piece of Computer readable code. Consent being an essential feature in entering agreements and executing contracts, it is an important factor even when contracting in cyberspace.
With the enforcement of the GDPR for Corporate entities operating in and out of the European Union, every website requires explicit user permission for their cookie policy. Besides, it also enables users to withdraw their consent to these applications and services. This is just an example of the vital role consent plays in Cyberspace and its governance.
Consent Fatigue and Trick Consent
As said above, there are various types of agreements. Hence, the user provides consent in more than one way. At some point, the user becomes ‘fatigued’ with the different terms and conditions associated with each application or software that he does not bother to read or understand them anymore. In situations like Shrink Wrap Contracts, a software or a service is tied to the conditional acceptance of the terms and conditions with no option or room to negotiate. Since more often than not these agreements and policies are quite long, verbose and lengthy, the unassuming ordinary user just clicks on ‘I accept’ even though he has not read the terms and conditions set out. This situation or phenomenon is called Consent Fatigue.
Imagine you just bought a new computer and you have to set it up with multiple software that you use. If each software has a 50-page End User License Agreement, would you spend the time to read the terms and conditions for each of them before you agree? You need the software so you simply accept whatever terms are there and move on with life. This is what common consent fatigue in our everyday life looks like.
The Curious Case of WhatsApp
WhatsApp however, is a peculiar case that demands special attention. It is a free messaging platform that requires very little time to setup and has a very easy-to-use UI. This has led to WhatsApp becoming the go-to app for textual messaging and of late, for even voice and video calls in India. It has a humongous user base in India, with about 390.1 Million users as in December, 2020.
With this backdrop, WhatsApp wants to update its Privacy Policy which poses a number of changes to retention of personal data, processing this personal data and third-party entities that WhatsApp shares this data with, among others. Much like any other software agreement, WhatsApp said that the acceptance of this Privacy Policy would be a condition precedent should users want to continue to use its service with full functionality. Due to the growing disagreement and incongruence with its users, or the fact that a majority of users had already accepted the policy, WhatsApp put out a statement saying that it would not restrict user functionality.
While some users were unsure about accepting the privacy policy having little knowledge of the consequences the updated Privacy Policy would have, some other users readily accepted it at the very first instance of asking.
Many others slowly gave way after being nudged with repeated push notifications WhatsApp showed which were explanatory slides about the updated Privacy Policy. It is this point that the government has raised as a major point of contention through the Counter Affidavit against WhatsApp.
The government claims that WhatsApp ‘coerces’ users into accepting the Privacy Policy by bombarding them with notifications. This annoys and irritates the unsuspecting user to agree to the Privacy Policy not knowing the effect and consequence of the same. The Statement also claims that the Competition Commission of India has formed a prima facie option that WhatsApp violates section 4 of the Competition Act which would further substantiate the case that WhatsApp has abused its position of dominance in the market and exploited its users into accepting the amended Privacy Policy.
Conclusion
While the prospective Personal Data Protection Bill encapsulates provisions for providing and withdrawing consent, in a hasty attempt to beat the law, WhatsApp hopes to update its privacy policy and have users consent to it. For the Indian Government, it is much more than a single case of WhatsApp as it intends to put to rest the concerns of Indian netizens and their personal data, even before the PDP Bill becomes the law of the land.
When both parties to the litigation fight for user privacy, the question of consent may play a very interesting role. Needless to say that this litigation would definitely be a big improvement in cyberspace jurisprudence in India and one that technology lawyers should keep their eyes peeled for. Furthermore, this would also serve as a precedent for future litigations that may arise even after the prospective law comes into force.
Do subscribe to our Telegram channel for more resources and discussions on technology law and news. To receive weekly updates don’t forget to subscribe to our Newsletter.
You can also follow us on Instagram, Facebook, LinkedIn, and Twitter for frequent updates and news flashes about #technologylaw.
