Supreme Court Sends Strong Message to Tech Giants: Privacy Is Not Negotiable

India’s Supreme Court has delivered a powerful message to global technology companies, particularly WhatsApp and its parent company Meta, by questioning their controversial “take it or leave it” privacy policy. The Court’s observations have reignited conversations around digital rights, meaningful consent, and corporate accountability in India’s rapidly evolving data protection landscape.

Supreme Court Objects to “Take It or Leave It” Privacy Approach

During a recent hearing, the Supreme Court strongly criticised WhatsApp and Meta for their data-sharing practices under the 2021 privacy policy update. The policy allegedly enabled sharing of user data with Meta’s group companies for commercial and advertising purposes, raising serious concerns regarding user consent and data exploitation.

The bench emphasised that companies cannot compromise the privacy rights of Indian citizens for commercial gains. The Court clearly warned that technology companies must respect India’s constitutional framework and privacy protections while operating in the country.

In fact, the Court went further, stating that such policies could amount to indirect coercion because users often have little choice but to accept terms in order to continue using widely adopted digital platforms. This reflects a larger regulatory concern about whether consent obtained under dependency on essential digital services can truly be considered voluntary.

Privacy Rights Are Fundamental, Not Optional

The Supreme Court reiterated that the right to privacy is a fundamental right in India, deeply rooted in constitutional protections. This principle originates from the landmark 2017 judgement that established privacy as an intrinsic part of personal liberty and dignity.

The Court’s recent remarks reinforced that personal data cannot be treated as a tradable commercial commodity. Judges also highlighted how complex privacy policies are often written in technical language that ordinary citizens may not fully understand, raising serious questions about the authenticity of user consent.

The Court even questioned whether individuals from rural or less digitally literate backgrounds would realistically understand or be able to exercise opt-out rights hidden within complex legal terms.

Government and Regulators Stand Firm

The case is closely linked with earlier regulatory action by the Competition Commission of India, which imposed a penalty of ₹213.14 crore on Meta over WhatsApp’s 2021 privacy policy. Regulators found that the policy potentially abused market dominance by forcing users to agree to expanded data-sharing arrangements.

During proceedings, government representatives also described such policies as exploitative and raised concerns about the commercial monetisation of personal data without adequate safeguards or transparent consent mechanisms.

The Supreme Court has signalled that it will closely examine how user data is monetised, targeted, and potentially “rented out” for behavioural advertising, highlighting a shift toward stricter scrutiny of digital business models.

“No” Means “No” – Privacy Rules Apply Equally to All Organisations

The broader takeaway from the Supreme Court’s stance is clear: privacy compliance is not dependent on the size or influence of an organisation. Whether a multinational technology giant or a small business, data protection responsibilities remain identical.

The Court’s message reinforces a simple but powerful principle: if a user refuses consent, that decision must be respected. “No” means “No.” Organisations cannot design systems that subtly force users into consent through dependency, complex language, or lack of genuine alternatives.

This approach aligns with India’s growing regulatory maturity, where data privacy is being treated as a citizen’s right rather than a corporate negotiation point.

India’s Increasingly Bullish Stand on Data Protection

India’s judiciary and regulatory authorities are increasingly assertive in enforcing digital rights and accountability. The Supreme Court even indicated that companies unwilling to comply with Indian constitutional values may have to reconsider operating in the country.

Such statements highlight the government and judiciary’s collective intent to create a stronger digital governance ecosystem. With India moving toward full enforcement of modern data protection frameworks, organisations are expected to shift from minimal compliance to accountability-driven data governance models.

The Larger Industry Impact

The Supreme Court’s intervention could have far-reaching implications for:

• Consent-based data collection practices
• Transparency in privacy policies
• Fair competition in digital markets
• Accountability of global technology companies operating in India
• Strengthening user rights in digital ecosystems

It also signals that data fiduciaries must ensure clear, accessible, and user-friendly privacy frameworks rather than relying on lengthy legal agreements that users seldom read or understand.

Conclusion

The Supreme Court’s observations in the WhatsApp and Meta privacy policy case represent a defining moment in India’s digital privacy journey. The message is unmistakable: user data belongs to individuals, not corporations.

As India continues to strengthen its data protection regime, organisations must recognise that compliance is not just a regulatory requirement but a trust-building exercise. The Court has reinforced a fundamental principle that applies across industries and business sizes alike — when it comes to personal data, consent must be real, informed, and voluntary. And when a user says “No,” it must be respected.

 Source: The Hindu