Where does the law stand?
As compared to the Personal Data Protection Bill, 2019 (“PDP Bill”), the law as it stands is much less demanding of companies in the business of collecting and using their users’ data. Under Rule 3 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), the only data collected by WhatsApp that may be classified as sensitive personal data (“SPD”) is that relating to “financial information such as Bank account or credit card or debit card or other payment instrument details”. Account information, contact list details, usage and log information, and network connection and other location-based information are classified as ‘personal information’ rather than SPD, and do not warrant the application of provisions detailed below.
Please click here to read the full article by Probir Roy Chowdhury published in ET Telecom.