“Personal data is the currency of today’s digital market”

-Viviane Reding, (Former Vice-President, the European Commission)


A dominant entity in the market holds the power to exploit the consumers and the competition in whichever way it wants because the dependence of the consumers on the services of such an entity is so high that even if its practices are detrimental for the consumers, they will not discontinue using it. Therefore, the Competition Law exists to keep a check on such practices. In the Competition Act, Section 4 defines Dominance as the ability of any enterprise to behave independently of its competitive forces and affect the competition in its favour. The competition Law does not prohibit dominance per se but proscribes the abuse of such dominance which hampers the free and fair competition in the market.

One such dominant entity that exists in our country is WhatsApp. It is the most popular social networking app in India; three in every five Indians actively use WhatsApp. In the present era, it is one of the most preferred modes of communication. Also, the Covid-19 Pandemic has significantly aided in increasing the use of WhatsApp. WhatsApp’s presence is so dominant in the market that despite the launch of new and compatible messaging apps such as Signal and Telegram, it has not suffered any loss. Thus, the company took advantage of this situation by announcing its new privacy policy, at the beginning of this year.

Does WhatsApp’s Recent Change in Privacy Terms Amount to ‘Abuse of Dominance’?

In 2014, when WhatsApp was bought by Facebook, the former gave an assurance that it will never violate the privacy of its users. To our surprise, amidst the growing privacy consciousness, this tech giant has updated its privacy policy. As much as this policy is atrocious, the fact that it is mandatory for users to accept it is far more appalling. The new policy enables information sharing with Facebook and companies associated with Facebook. The information such as profile picture, status, name, contact details, IP Address, etc, can be accessed. Another important feature of this policy is that the chats of business accounts will not be end-to-end encrypted, which means that the chats between a user and any business account will be accessible by WhatsApp. This chat may include sensitive data such as bank account details, which can be used to the detriment of the user. With this new privacy policy, the possibilities to exploit the consumers are endless.

In addition to all of this, if the users fail to agree to the policy before 15th May, then they won’t be able to continue using it. This just shows how WhatsApp has used its dominance in the most arbitrary manner.

WhatsApp’s Abuse of Dominance: Through the Prism of Law

Earlier in March, 2021, in a significant development, the Competition Commission of India took a Suo moto case against WhatsApp and ordered an inquest into WhatsApp’s new privacy policy after getting an impression that it is violative of section 4 of the Competition Act. The order of the CCI stated that such conduct degenerates many non-pricing parameters of competition viz. quality and privacy. This damages the consumer's faith and trust without any justified rationale. The commission took notice of the following assertions while deciding the matter:

1. Firstly, there is no legitimate reason as to why the information has to be shared with other platforms. Such sharing not only questions the security of the user’s data but raises concerns related to abuse of dominance under Section 4(2)(a)(i) of the Act. The fact that agreeing to the policy is the only option with the users, it is prudent to assert that WhatsApp is imposing unfair conditions on its users.

2. They also observed that the terms of the policy are neither completely transparent nor based on voluntary consent of the users. It gives no real choice to the users, which is unfair to them. Also, the nature and scope of the policy is quite broad and ambiguous in nature. Being the owners of their personal information, the users are entitled to know the scope of such policy in a univocal and lucid manner. Further, the use of words like ‘such as’, ‘For example’, ‘includes’, ‘etc.’ makes the list non exhaustive.

3. Earlier, in the 2016 privacy policy, the users had a 30-day opt out window, which was one of the reasons for the commission to find absence of abuse of dominance. However, no such provision is given in the new policy. Hence, the users have to agree to this ‘take it or leave it’ policy if they wish to continue using the application. The fact that they can impose such a condition on the users is in itself violative of the competition law.

4. It must also be taken into consideration that on WhatsApp, communication between two people can only happen if both the users have registered on it. As a result, more and more people join it in order to facilitate the conversation. Now, if any person, who doesn’t agree with the new policy, wishes to switch the platform, they would have to convince all his other contacts to switch simultaneously. This is what is called a lock- in effect. This term means a practice in which companies make it exceptionally difficult for its users to leave its services, even if they want to but they are trapped in such a way that it becomes impossible.

5. Lastly, if at all people switch from WhatsApp to another platform, they may lose all their historical data on it, as the process to port the data is quite cumbersome and time consuming. This would increase the switching cost.

Being mindful of all these observations, the CCI has come to a conclusion that such handlings will raise concerns related to fair trade practices with reference to competition law and hence it has ordered the director general to delve into the matter and conduct an investigation under section 26(1) of the Act and submit the report within 60 days to the commission.

In response to this, WhatsApp and Facebook have recently filed a plea in Delhi High Court to put a stay on the order. The counsel for the tech giants argued that firstly, it is not CCI’s place to order anything as it is a matter related to privacy and hence of constitutional law and not competition law. Secondly, since, the Supreme Court is already handling the same case, the CCI need not conduct an investigation. Be that as it may, the Delhi High Court has reserved its judgement and is yet to give its verdict. However, we are of the opinion that this issue falls in the domain of competition law, which is why CCI is the right authority to keep a check on it.

Other Legislations for Data Protection

India needs a legislation for data protection, which specifically addresses how the data is collected, processed and used. One of India’s most comprehensive data protection standards can be found in Information Technology Act (ITA) 2000. These Rules provide rights to the people with regards to their information and obligate corporate bodies to take steps towards protecting the privacy of consumer's information. Among other things, they require that any corporate body must put out an online privacy policy, provide individuals with the right to access and correct their information, get consent before disclosing personal information and require companies to take sufficient protection when transferring information.


Today’s consumers value non- price parameters such as quality, innovation, and customer service, equally to the price of the service. Privacy of data, is one such parameter, which the user’s value highly now, more than ever. Reduction in protection of consumer data and loss of control over personal data by the users can lead to reduction in quality of service. Moreover, Lower data protection by a dominant entity can lead to not only exploitation of consumers but also have cliquish effects as they would further reinforce their position and leverage themselves in competition. Cross- linking of data and incorporation can further strengthen the dominant position. Data collected from WhatsApp will help other Facebook owned platforms to track down users and consumer behaviour. Apart from this, the Information Technology Act (ITA) 2000 protects users' privacy to a great extent but they are not yet recognized by the European Union as many gaps still exist. These lacunas leave a number of bodies unregulated and various types of information unprotected.

This new privacy policy is not applicable on European users, as in Europe there exists a strong Data Protection Regulation(GDPR). This shows us the dire need of strong data protection laws in our country. In the past Indian judiciary has held that the Right to privacy is of the utmost importance and the government must take measures to protect it at all costs (the Puttaswamy Case). But besides this and the controversial Personal Data Protection Bill, 2019, there is still a vacuum of laws. So, the government and the judiciary of our country should prioritize privacy and bring a strong set of rules for data protection and forbid any dominant entity to exploit its users’ privacy.

This article has been written by Hritika Jain and Rishika Jain. Hritika is a 2nd year BBA LLB student at Chanakya National Law University, Patna and Rishika Jain is a 2nd year BA LLB student at National Law Institute University, Bhopal.