Centre flags five violations by WhatsApp
WhatsApp has failed to comply with the existing law on five counts, it further added.
WhatsApp has failed to specify the types of sensitive personal data being collected. It has used "extremely" general terms to enlist the kinds of data collected. Crucially, there is no difference between personal data or sensitive data which is being collected, the centre said.
According to the law, if a user withdraws consent, the data collected must be deleted by the corporate body. However, the Centre said that in WhatsApp's case it only offers the user the option to delete their account. If a user exercises this option, the policy clearly mentions that the undelivered messages will be deleted along with information it no longer needs. This means, that a substantial corpus of data may be retained even after the user has deleted their account.
Lastly, WhatsApp also failed to guarantee further non-disclosure by third parties, the counter affidavit filed by a secretary in the Ministry of Electronics and Information Technology read.