TOI has reported today that the Nagpur Bench of Mumbai High Court has dismissed a PIL filed by Advocate Mahendra Limaye demanding that What’s App should retain the data for a specified period under Section 67C of ITA 2008.
The Court has held that since the service is voluntary and free, there is no public interest in the requirement.
Recently I had a discussion with some senior police officials who informed that in several investigations they were unable to obtain information from What’s App because of which their investigation could not proceed on the desired lines.
From the published information it appears that What’s App stores the personal data of its subscribers and also the contacts of the subscribers. To that extent, What’s App is exposed to Section 43A of ITA 2008 requiring “Reasonable Security Practice”. This also requires adherence to data retention requirements under Section 67C. They are also bound by Section 79 of ITA 2008 as an intermediary. Under the circumstances it appears that What’s App is bound by ITA 2008 and therefore there is a stake for Indian public on What’s App being compliant to Indian law.
However, it is the business model of What’s App that they only store the contact information and allow the content only to pass through. According to information available at http://www.howdoeswhatsappwork.com , the messages are temporarily saved on What’s App servers and automatically deleted after 30 days.
It is also known that What’s App proposes to charge a service fee after a trial period though they have indefinitely postponed the charging on the service. Now that Facebook has taken over the management of What’s App it is only time that What’s App would be a paid service or an ad supported service in a short time. The contention of Nagpur Court on “What’s App is free” is therefore not correct.
Further one grey area of What’s App operations is that they are acquiring “Contact” details of the subscribers and using it. A question arises in this context whether the subscriber has the consent of his contact to part with the mobile number and name to What’s App and whether this would be subject to privacy right of the contact. Since the subscriber is only sharing the number as associated with a name he has assigned to the contact, it may be argued that the data ceases to be that of the contact.
After the Uber and Bitcoin controversies on Interpretation Internet based business models, What’s App also needs to be understood properly if it is a purely “Peer to Peer” service or a “Server Based Service” and if so, whether What’s App will have liability to retain data at least when demanded by law enforcement etc.