WhatsApp lawsuit explained: Privacy claims, message access and India’s DPDP act
A lawsuit alleges WhatsApp may have allowed access to user messages despite claiming end-to-end encryption, raising concerns under India’s DPDP Act.Summary
A class action lawsuit in the US is questioning WhatsApp’s claim that messages are accessible only to the sender and recipient. The complaint alleges that Meta’s platform may have a “backdoor” allowing employees and contractors access to user messages, potentially violating user privacy. WhatsApp denies these allegations, asserting its end-to-end encryption protects messages.
For India, with over 400 million WhatsApp users, this raises questions about consumer protection and the Digital Personal Data Protection (DPDP) Act, 2023. The DPDP Act emphasizes informed consent; if users were unaware of potential access, their consent may not be valid. Experts note that undisclosed third-party access without specific consent would breach the Act.
While the DPDP Act’s full provisions are not yet in force (expected May 2027), misleading privacy claims could fall under existing consumer protection laws. The case highlights the need for independent audits of encryption systems and stronger regulatory cooperation, as platforms are currently largely self-reporting on technical claims. Some experts also suggest current penalty caps may be insufficient for large technology companies.
(Source:Forbes India)