The repercussions? Apart from the fine, the CCI has banned WhatsApp from sharing user data with Meta companies for ads in India for five years. Besides that, WhatsApp now has to clearly explain why it collects and shares specific data, and gives users an option to opt-out of such data sharing.

Meta has said that it will appeal the CCI’s fine. “We disagree with the Competition Commission of India’s decision and plan to appeal,” said a Meta spokesperson.

Blow By Blow

As per the CCI, Meta has violated Section 4 of the Competition Act. This section says that a company abuses its dominance in a particular market if it sets unfair prices or conditions, limits production, blocks competitors, forces unreasonable contract terms, or uses power in one market to dominate another.

WhatsApp has a strong hold on the Indian messaging market, with over 535.8 million monthly active users. This makes switching to another platform a tiresome task.

A user would need their whole network of friends, family and colleagues to switch at the same time. This makes it hard to leave WhatsApp, thus, giving it a dominant position.

The digital rights organisation Internet Freedom Foundation (IFF), which has been part of the investigation into Meta, welcomed CCI’s decision.

The IFF said in a statement: “This ruling is a significant step in holding Big Tech accountable for its impact on user privacy and competition in India… The decision highlights the growing recognition of privacy as a key issue in competition law.”

The Fallout Of The 2021 Privacy Update

Back in 2021, Meta had ensured that users’ personal conversations, which are protected by end-to-end encryption, wouldn’t be shared to a third party — not even WhatsApp or Meta.

But the sticking point was that users couldn’t opt out if they wanted to continue using WhatsApp. This was a major shift from its 2016 policy, where users had the option of not sharing their data with Facebook.

As a result, millions of users shifted to alternative apps like Signal and Telegram. Due to this widespread backlash, WhatsApp even delayed the enforcement of the policy and launched a campaign to explain it better. However, the concerns about user choice and data privacy persisted, leading to legal scrutiny.

This privacy update also came in the backdrop of India's preparations to pass the Digital Personal Data Protection (DPDP) Act, a law which would grant users greater control over how their personal data is processed by big corporations.

The Act was passed last year, but hasn't yet been implemented yet due to some pending regulations and frameworks. Under the Act, it is mandatory for organizations to ask for explicit consent for data processing, which must be given freely by the user.

The DPDP Act also stipulates that data procured by an entity cannot be retained for a duration longer than required and the user has the right to withdraw consent if they choose to.

Moreover, mon-compliance with the Act can attract significant penalties, which may deter WhatsApp from enforcing such updates.

It is safe to say that under the DPDP Act, such a move by WhatsApp might have been deemed coercive and therefore invalid.

Global Crackdowns On Meta

India may have been slow to penalise Meta, but other nations have already taken action.

Last year in January, Ireland’s Data Protection Commission (DPC) fined the parent company of Facebook, Instagram and WhatsApp € 390 million (Rs 3,484 crore) over its handling of user data, and for “forcing” users to accept the processing of their personal data for targeted ads.

In the European Union (EU) alone, Meta has attracted over US$ 2.8 billion (Rs 23,631 crore) in fines over the last four years. This is mostly because in 2018 the EU’s General Data Protection Regulation (GDPR) came into effect, which set stricter and more robust rules over data processing for sites such as Facebook and Instagram.

Countries like Nigeria, too, have fined Meta for privacy violations linked to WhatsApp's 2021 policy update. The country’s competition watchdog launched a probe in May 2021, and found unauthorised data sharing, lack of user control, and abuse of market dominance, and fined Meta US$ 220 million (Rs 1,858 crore).

Although the CCI in its press release does not specify exactly which Meta companies received the data shared by WhatsApp, in the context of Meta's operations, we can assume this likely includes platforms like Facebook and Instagram.

By penalising Meta, experts are of the view that CCI has begun the process of setting a precedent that dominant platforms cannot impose changes without regard for user autonomy or provacy. It also sends a strong message that even global tech giants must comply with Indian competition laws.