In a strongly worded letter to WhatsApp CEO Will Cathcart, the Ministry of Electronics and Information Technology said India is home to the largest user base of WhatsApp globally and is one the biggest markets for its services.
The ministry asked WhatsApp to withdraw the proposed changes and reconsider its information privacy, freedom of choice, and data security.
Stating that Indians should be properly respected, the ministry said, “any unilateral changes to the WhatsApp Terms of Service and Privacy would not be fair and acceptable.”
With over 400 million users in India, the changes will have a disproportionate impact on the country’s citizens.
It asked WhatsApp to provide details of the services provided by it in India, categories of data collected, and permissions and consents sought.
WhatsApp has also been asked to provide policy on data and information security, privacy, and encryption.
It has also been asked to detail data sharing with other apps and capture information about other apps running on the user’s mobile phones.
Besides, complete technical architecture and server hosting data of Indian users have been asked to be furnished along with details of access to a third party.
The changes “enable WhatsApp, and other Facebook companies, to make invasive and precise inferences about users which may not be reasonably foreseen or expected by users in the ordinary course of assessing these services, the ministry said.
The updated terms would enable WhatsApp to collect “highly invasive and granular metadata” such as time, frequency and duration of interactions, group names, payments and transaction data, online status, location indicators, and any messages shared by users with business accounts.
“The collection and onward sharing with Facebook companies, of sensitive personal data of individuals portend an ecosystem where any meaningful distinction between companies and WhatsApp will cease to exist,” it said.
“This approach has the potential to infringe on core values of data privacy, user choice, and autonomy of Indian users,” it said.
The new terms caused an outcry among technology experts, privacy advocates, and users and triggered a wave of defections to rival services such as Signal.
The updated policy got a right to share data it collected from WhatsApp users with the broader Facebook network, which includes Instagram, regardless of owning any accounts or profiles there.
Some businesses, as per the new policy, were to use Facebook-owned servers to store messages.
This triggered an outcry regardless of WhatsApp’s assertion that all private messages between friends and family members remain end-to-end encrypted.
Stating that the changes proposed to create systemic vulnerability, the ministry said the government expects WhatsApp “to take all information security safeguards as per law.”
It went on to state that the Personal Data Protection Bill is being discussed by a joint committee of the Parliament and making “a momentous change for its Indian users at this time puts the cart before the horse.”
Also, Indian users are being subjected to differential treatment compared to their European counterparts, where the changes do not apply.
“By not providing Indian users with the ability to opt-out of this data sharing with other Facebook companies, WhatsApp is treating users with an ‘all-or-nothing’ approach,” the ministry said.