Supreme Court pulls up Meta over WhatsApp privacy policy case

New Delhi: The Supreme Court on Tuesday strongly criticised Meta, the parent company of WhatsApp, over the messaging platform’s privacy policy, warning that it would not permit compromise or exploitation of Indian users’ personal data. A Bench led by Chief Justice Surya made sharp observations on data privacy, constitutional protections and user awareness while hearing matters linked to WhatsApp’s 2021 privacy policy update and related regulatory orders.

Court issues stern warning on user data privacy

During the hearing, the Bench told Meta that privacy of Indian citizens cannot be treated lightly and indicated that constitutional protections override corporate data practices. The judges expressed serious concern over allegations that user data could be shared across platforms for commercial purposes.

“You can’t play with privacy… we will not allow you to share a single digit of our data,” the Chief Justice said, adding that the court would not permit exploitation of Indian users through opaque or coercive digital policies.

In a particularly strong remark directed at the company’s obligations under Indian law, the Chief Justice observed, “If you can’t follow our Constitution, leave India. We won’t allow citizens’ privacy to be compromised.”

The comments came as the court examined the scope and implications of WhatsApp’s privacy framework and the extent of permissible data sharing with other Meta-owned platforms.

Questions raised on policy transparency

The Bench also questioned the clarity and accessibility of WhatsApp’s privacy policy language, especially for ordinary users who may not be fluent in English or familiar with legal and technical terminology. Judges stressed that informed consent must be meaningful and understandable.

The court asked whether such policies can be realistically understood by poor and less educated users, including street vendors and people in rural areas who rely on the app for daily communication.

“…a poor woman or a roadside vendor, or someone who only speaks Tamil — will they be able to understand?” the court asked during the proceedings.

When informed about the presence of an “opt-out” clause in parts of the framework, the Bench said even trained legal minds sometimes struggle to interpret such documents.

“Sometimes even we have difficulty understanding your policies… so how will common people understand them? This is a way of committing theft of private information. We won’t allow it,” the Bench observed.

Government calls policy exploitative

Appearing for the Centre, Solicitor General Tushar Mehta criticised the 2021 privacy policy as “exploitative” and argued that it enabled commercial use of user data through cross-platform sharing within the Meta ecosystem.

He submitted that dominant digital platforms must be subject to stricter regulatory standards when dealing with personal data and user consent. The government supported regulatory intervention and enforcement action, saying user choice should not be forced through conditional access to essential digital services.

The submissions aligned with the earlier findings of the Competition Commission of India (CCI), which had examined WhatsApp’s market dominance and policy changes.

Meta defends encryption and safeguards

Meta and WhatsApp were represented by Senior Advocates Mukul Rohatgi and Akhil Sibal, who told the court that WhatsApp messages are protected by end-to-end encryption and cannot be read even by the company itself.

They argued that message content remains secure and inaccessible to Meta servers and that the dispute concerns limited categories of metadata and service-related information rather than the actual content of chats.

Counsel also informed the court that the ₹213 crore penalty imposed by the CCI has already been deposited, even as the company continues to challenge portions of the regulatory order and related restrictions.

Background of the dispute

The case arises from WhatsApp’s 2021 privacy policy update, which triggered widespread concern and legal challenges over mandatory acceptance and expanded data-sharing provisions between WhatsApp and other Meta entities.

In November 2024, the CCI ruled that WhatsApp had abused its dominant position by effectively compelling users to accept revised data-sharing terms to continue using the service. It imposed a penalty of ₹213 crore and ordered corrective measures.

Meta and WhatsApp challenged that order in January 2025. In November 2025, the company law tribunal upheld the monetary penalty but removed a five-year restriction on WhatsApp sharing certain user data for advertising purposes, holding that abuse of dominance was not fully established on that specific point.

A cross-appeal by the CCI is also under consideration regarding the tribunal’s relaxation on advertising-related data sharing.

Court cites practical privacy concerns

During the hearing, the Chief Justice illustrated privacy risks through a practical example, referring to situations where users perceive targeted advertisements soon after discussing health or personal matters digitally.

“If a message is sent to a doctor that you are feeling unwell and the doctor sends a prescription, immediately you start seeing ads,” he said, questioning how user trust can be preserved if data linkages appear too close for comfort.

The remarks reflected judicial concern about profiling, behavioural advertising and the limits of user consent in large digital ecosystems.

Conclusion

The court’s sharp observations indicate rigorous judicial scrutiny of big tech data practices and consent mechanisms. With privacy recognised as a constitutional right and digital platforms deeply embedded in everyday life, the outcome of this case could significantly shape how global technology companies design and enforce their data policies in India.