India’s first regulation for ‘data privacy’ came through the Information Technology Act of 2000. This law deals with compensation for negligence in implementing and maintaining reasonable security practices and procedures for sensitive personal data or information; and provides punishment for disclosure of information without the information provider’s consent. In the case of privacy concerns regarding the unique identity scheme or Aadhaar database, the attorney general had argued in the Supreme Court that privacy is not a fundamental right guaranteed to Indian citizens; and therefore collecting and storing biometrics cannot be a violation of such a right. This case is still underway and has been referred to a larger bench of the Supreme Court.
In light of the complicated jurisprudence surrounding the right to privacy, the WhatsApp case takes on an important hue. The judgement in the case could determine the way ahead for privacy – both online and offline – in India.