An Indian court has ordered the encrypted messaging app, WhatsApp, to not share customer data with its parent company, Facebook.
The Delhi High Court ruled that WhatsApp could not share user information collected before 25 September 2016, the date the policy changes took effect. The chief justice of the Delhi High Court said that WhatsApp should delete the data of users who opt out of the changes that took effect at the end of last month.
The case was raised after two Indian students, Karmanya Singh Sareen and Shreya Seth, brought it up in late August 2015, claiming that the policy changes would endanger the privacy of users.
The plea, published by Mashable, reads that WhatsApp and Facebook “have introduced this policy which severely compromises the rights of its users and makes the privacy rights of users completely vulnerable".
The Indian court's decision echoes statements made by German regulators recently. On 27 September, Johannes Caspar, the Hamburg Commissioner for Data Protection and Freedom of Information said that Facebook “neither has obtained an effective approval from the WhatsApp users, nor does a legal basis for the data reception exist”.
Caspar added that in 2014, when Facebook acquired WhatsApp, the social media giant promised it would not share user data.
While Facebook and WhatsApp have been clear that correspondence and photos will not be shared, account information like mobile phone numbers and the numbers of those in the users' address book will.
The decision to share user data with Facebook, made earlier this year, sparked uproar amongst users and privacy advocates. At the time, the US-based Electronic Privacy Information Centre (EPIC) claimed that the company has violated Federal Trade Commission (FTC) statutes by lying to its users.
EPIC wrote in a statement that “Facebook purchased WhatsApp in 2014, and the companies promised users of the privacy-protective messaging service that ‘nothing' will change for WhatsApp users' privacy”.
The group filed a complaint saying that Facebook and WhatsApp's new policy changes constituted a “failure to obtain users' opt-in consent before changing data practices would be an unfair and deceptive trade practice”.
The founder of WhatsApp,Jan Koum, who grew up in the Soviet Era Eastern bloc and by his own admission, is suspicious of any attempts to erode privacy. At the time, Koum wrote a blog post defending the decision to share customer data with Facebook, saying that the new measures would allow both services to tailor advertisements better and fight spam.
He reassured customers that “even as we coordinate more with Facebook in the months ahead, your encrypted messages stay private and no one else can read them. Not WhatsApp, not Facebook, nor anyone else.”
“We won't post or share your WhatsApp number with others, including on Facebook, and we still won't sell, share, or give your phone number to advertisers.”
WhatsApp, ironically enough, is famous for the fine point it puts on the privacy of its users. Earlier this year, the messaging service was praised for introducing end-to-end encryption, which theoretically puts the private correspondence of its users beyond the reach of even the service itself.