Posted on May 3, 2021
Co-authored by Melita Tessy & Vivek Basanagoudar*
In addition to the above-mentioned privacy concerns, the new policy has also given rise to antitrust concerns in India. These concerns have been dealt with by the Competition Commission of India (“CCI”) under the provisions of the Competition Act (“CA”), 2002. In this article, the order passed by the CCI is examined and analysed.
In this vein, both WhatsApp and Facebook were arrayed as opposite parties in the case. The CCI observed that while WhatsApp’s previous privacy policies gave users the option to choose whether or not they would like to share their data with Facebook, the latest update made the said data sharing mandatory. CCI, dismissing Facebook’s contention that it is a distinct legal entity from WhatsApp, observed that since Facebook was a direct and immediate beneficiary of WhatsApp’s new policy update, it cannot feign ignorance regarding the possible impact of the said updates altogether.
Prima Facie Concerns of Abuse of Dominance
Before addressing the prima facie concerns, it is imperative to note that WhatsApp, in response to certain clarifications sought by the CCI stated that the 2021 update, was required to share more information with users about how WhatsApp gathers, utilizes, and exchanges information and to remind users about how optional business messaging services function when those features become accessible to them. Furthermore, it was stated by WhatsApp that they continue to honour their 2016 update (“the 2016 update”) which allowed existing users to opt-out of sharing their WhatsApp account information with Facebook companies. The company clarified that it cannot access personal conversations due to their end-to-end encryption policy.
With regards to the prima facie concerns, WhatsApp submitted that there were no competition-based concerns that could have arisen from the 2021 update and the company requested the CCI to refrain from initiating an investigation. However, the CCI proceeded to examine the issue on merit and noted that it had previously established WhatsApp to be a dominant player in the ‘Over-The-Top (OTT) messaging applications via smartphones in India’ market and this was done in the Harshita Chawla case. It noted that, unlike the 2016 update, users were not given the option to opt-out, and the scope of data collected by the 2021 update was too wide and disproportionate. It includes, among other things, details about the user’s battery level, signal power, app edition, mobile operator, ISP, language, and time zone, system activity information, service-related information and identifiers, and the user’s position information, even if the user does not use location-related features.
The CCI observed that details about how users “interact with others (including businesses)” aren’t specifically described, and what constitutes “service-related information“, “mobile device information“, “payments or business features“, and so on aren’t either. The CCI also noted that the policy’s list of data to be collected, which used terms like “includes“, “such as“, and “For example“, among others, was indicative rather than exhaustive, implying that the scope of sharing data may extend beyond the information categories that have been explicitly stated in the policy. The real data expense that a user incurs for using WhatsApp services is hidden by obscurity, ambiguity, open-endedness, and incomplete disclosures. It is still unclear from the policy whether users’ past data will be shared with Facebook companies, and whether data will be shared with respect to WhatsApp users who aren’t on Facebook’s other apps, such as Facebook, Instagram, and so on.
Users are often unlikely to expect their personal information to be exchanged with third parties unless it is for the specific purpose of delivering or enhancing WhatsApp’s service. However, it appears that the data sharing system is often intended to ‘customize’, ‘personalize’, and ‘market’ the services of other Facebook Companies, based on the policy’s wording. Users generally have sovereign rights and power over decisions about sharing their personalised data in a competitive market. This is not the case for WhatsApp users, and there seems to be no justifiable explanation why they do not possess any influence or say over such cross-product data processing by mutual agreement rather than as a condition of using WhatsApp’s services.
WhatsApp users previously had such control over sharing of their personal data with Facebook, owing to a ‘opt-out’ clause in previous policy changes that was available for 30 days. However, they no longer possess such ability in the new update. As a result, if users choose to utilise a dominant messaging app, they must embrace the platform’s arbitrarily dictated “take it or leave it” terms in their entirety, including the data sharing provisions. Such “consent” cannot be interpreted as voluntary approval to any of the policy’s particular processing or use of personalised data. They have not been given adequate options to object to or opt-out of particular data sharing terms, which tends to be unfair and unreasonable for them.
After having considered the above matters, the CCI claimed that the conduct expressed by WhatsApp through its update was “neither fully transparent nor based on voluntary and specific user content” and this was claimed to be unfair to its users. The CCI also stated there was data concentration between the Facebook companies which posed to be a threat due to the degradation of non-price parameters of competition viz. quality which in-turn causes detriment to customers with no valid justification. Abuse of dominance by an individual with a dominant position in a relevant market is prohibited under Section 4 of the CA. According to Section 4(2) of the CA, a company or a group is abusing its dominant position if it imposes unequal or discriminatory conditions in the prices of purchase or sale of goods or services; restricts or limits production of goods or services in the market; or restricts or limits technological or scientific advancement relating to goods or services to the detriment of others. The CCI held that WhatsApp dominated the relevant market for OTT messaging apps via smartphones in India and thereby concluded that such acts as mentioned above, prima facie amounted to imposition of unfair terms and conditions and violated Section 4(2)(a)(i) of the CA. Additionally, the contested data sharing clause could have exclusionary effects in the display advertisement industry, potentially undermining the competitive process and creating further barriers to market entry, which was held to be in violation of Section 4(2)(c) and (e) of the CA. There was also a recognition of WhatsApp’s pronounced network effects and the lack of a credible competitor which resulted in the company being put in a power to compromise the protection of data of its users.
Due to lack of a strict data privacy regime in India, the CCI has gone beyond its role of being a competition regulator and taken the lead in protecting user privacy, thereby blurring the demarcation between antitrust laws on one hand and information technology laws on the other. In the absence of such a simple line of demarcation, courts are likely to see an increase in jurisdictional disputes resulting from the country’s changing data jurisprudence. Interestingly, both 2016 and 2021 updates have been challenged on other aspects as well. Firstly, the 2016 update was challenged in Karmanya Singh v. Union of India. In this case, the Delhi High Court ordered the deletion of user data collected by WhatsApp before 25th September 2016, but allowed the retention and sharing of data post the said date. It observed that those who didn’t want to use WhatsApp could always choose to leave it. The 2021 update was challenged in Chaitanya Rohilla v. Union of India, wherein the court noted that the 2021 update violated the right to privacy. It also observed that the preferential treatment given to EU countries was concerning.
In the current case, the CCI has probed into the antitrust concerns raised against WhatsApp and has clearly identified issues that could pose a threat to the data of its users. The DG has now been ordered to conduct further investigation into the new policy which may or may not result in a remedy. Instead of merely ordering an investigation, under Section 33 of the CA, 2002, the CCI could have ordered for interim relief by placing an injunction on the operation of the update itself. While WhatsApp itself has delayed the implementation of the update till the 15th of May, the lack of official action could seriously harm competition in the OTT messaging applications industry. Though the 2021 update has been subject to various contentions in the fields of data privacy and competition, WhatsApp, using its position as the dominant player was trying to find a leeway to get past them. In light of this, it is relieving to note that the Delhi High Court has refused to set aside the CCI order discussed in this article.
*Melita is a Researcher at IntellecTech Law and a law student at CHRIST (Deemed to be University), with a keen interest in IP and TMT law. She published her novel ‘Battle of the Spheres’ when she was 15 and is one of India’s youngest TEDx Speakers.
Vivek is a Researcher at IntellecTech Law and is a second year law student pursuing a B.A.LL.B degree from Jindal Global Law School. Having completed over 20 internships and 6 RAships in a span of one and a half years, he is determined to succeed in the fields of Intellectual Property Law, Environmental Law and Gender Justice.
 UOI, 233 (2016) DLT 436.