“Exit India If You Can’t Follow the Constitution”: Supreme Court Rips Into Meta Over WhatsApp Privacy Policy. In a landmark hearing that could redefine the boundaries of big tech in India, the Supreme Court of India has issued a scathing rebuke to Meta Platforms and WhatsApp LLC. Addressing the controversial 2021 privacy policy, a bench led by Chief Justice of India (CJI) Surya Kant made it clear that the exploitation of Indian users’ personal data would not be tolerated, even going so far as to suggest the tech giant “exit India” if it cannot respect the nation’s constitutional values.
A “Mockery of Constitutionalism”
The legal firestorm stems from appeals filed by Meta and WhatsApp against a ₹213.14 crore penalty imposed by the Competition Commission of India (CCI). The CCI originally found that WhatsApp abused its dominant market position by forcing a “take-it-or-leave-it” privacy update on users, mandate-sharing data across Meta’s ecosystem—including Facebook and Instagram.
During the proceedings, CJI Surya Kant did not mince words:
“You cannot play with the right of privacy of this country… You are making a mockery of the constitutionalism of this country.”
The Court expressed deep skepticism over WhatsApp’s claim that users have a “choice” to opt-out. Given that WhatsApp operates as a functional monopoly in the Indian messaging market, the bench argued that telling a user to “accept or leave” isn’t a choice—it’s an ultimatum.
The “Digital Literacy” Gap: Policies for the Common Man
One of the most poignant moments of the hearing involved the Court questioning the complexity of WhatsApp’s legal jargon. Senior Advocate Akhil Sibal, representing WhatsApp, argued that an “opt-out” mechanism exists. However, the CJI countered by highlighting the reality of India’s diverse and often digitally underserved population.
- The Literacy Barrier: The CJI asked how a fruit vendor or a domestic help would understand “cleverly drafted” legal terms.
- The Language Barrier: The Court noted that a person in a remote village in Tamil Nadu or Bihar would find the policy incomprehensible.
- The Verdict: The bench asserted that policies must be formulated from the perspective of the average customer, not legal experts. CJI Kant went as far as to describe the current practice as a “decent way of committing theft of private information.”
Targeted Advertising and the “Doctor’s Prescription” Anecdote
The bench, including Justice Joymalya Bagchi, raised alarms over how behavioral trends are monetized. Justice Bagchi noted that every “silo of data” has a commercial value and expressed a desire to examine how this data is “rented out” to advertisers.
CJI Kant shared a personal anecdote to illustrate the reach of this data tracking: “If a message is sent to a doctor on WhatsApp… that you are feeling under the weather… within 5-10 minutes, you start getting messages in your email and YouTube to go for this medicine or that medicine.”
While Meta’s counsel insisted that messages are end-to-end encrypted and unreadable by the company, the Court remained focused on the “digital footprints” and metadata that allow for such precise, and often intrusive, targeted advertising.
The Legal Road Ahead
Solicitor General Tushar Mehta, representing the government, supported the Court’s stance, noting that personal data is being commercially exploited. While the Digital Personal Data Protection (DPDP) Act, 2023 provides a framework for the future, the Court noted it is not yet fully in force, leaving a temporary vacuum that the judiciary must oversee.
Key Demands from the Court:
- Written Undertaking: The Court has demanded an affidavit from Meta’s management promising that user data will not be shared without explicit, meaningful consent.
- Government Involvement: The Ministry of Electronics and Information Technology (MeitY) has been impleaded as a party to the case to provide a broader regulatory perspective.
- Examination of “Data Rent”: Justice Bagchi suggested that Indian law should follow the EU’s lead, viewing data not just as a privacy issue but as a valuable asset that tech companies should perhaps pay “rent” to use.
The matter has been adjourned until next Monday. As Meta prepares its affidavit, the message from India’s highest court is deafeningly clear: The commercial interests of global tech giants cannot come at the cost of the fundamental rights of Indian citizens.
While India’s Digital Personal Data Protection (DPDP) Act, 2023 draws inspiration from the EU’s General Data Protection Regulation (GDPR), the Supreme Court recently highlighted several critical gaps where the Indian law remains “narrower.”
Comparison: DPDP Act (India) vs. GDPR (EU)
| Feature | India: DPDP Act (2023) | EU: GDPR |
| Concept of “Data Value” | Missing. Focuses almost entirely on privacy. Does not address data as a commercial asset or “rent.” | Included. Recognizes data has a notional value; shared data can be taxable and is viewed as an economic asset. |
| Legal Basis | Primarily Consent-centric. (Narrower). | Multiple bases: Consent, Legitimate Interest, Contract, and Public Interest. |
| Children’s Privacy | Strict: Age < 18. Requires verifiable parental consent; no behavioral tracking. | Flexible: Age 13–16 (varies by country). Less explicit ban on tracking. |
| Scope of Data | Digital only (or digitized offline data). | All data (including physical filing systems). |
| Data Rights | Basic: Access, Correction, Erasure. | Extensive: Includes Right to Data Portability and right against automated decisions. |
| Penalties | Up to ₹250 Crore per violation. | Up to €20 Million or 4% of global turnover (whichever is higher). |
Disclaimer: This information is based on various inputs from news agency.