The Supreme Court on Tuesday came down heavily on Meta Platforms Inc. and its subsidiary WhatsApp LLC over their data governance practices, observing that the commercial exploitation of Indian users’ personal data under the guise of contractual consent warranted close judicial scrutiny.
The Bench of Chief Justice of India Surya Kant, Justice Joymalya Bagchi and Justice Vipul Pancholi prima facie made strong observations, while hearing a batch of civil appeals instituted by Meta Platforms and WhatsApp challenging the judgment of the National Company Law Appellate Tribunal (NCLAT), which had affirmed the Competition Commission of India’s (CCI) penalty of Rs 213.14 crore imposed in relation to WhatsApp’s 2021 privacy policy update.
The CCI had also preferred a cross-appeal assailing the limited relief granted by the NCLAT, particularly to the extent it permitted continued data sharing for advertising purposes after setting aside the regulator’s finding of abuse of dominant position.
At the threshold stage, the Court expressed serious constitutional and statutory concerns over the asymmetry of power between dominant digital platforms and individual users, especially in the context of consent-driven data processing.
It underscored that digital intermediaries enjoying market dominance could not be permitted to monetise personal data in a manner that erodes informational self-determination, a core facet of the fundamental right to privacy recognised by the Constitution Bench in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) 10 SCC 1.
While admitting the appeals, the Court emphasised that the absence of meaningful user choice, particularly on platforms exhibiting characteristics of market dominance, raised grave concerns under both constitutional law and competition jurisprudence.
The Bench indicated that a “take-it-or-leave-it” consent architecture, especially in a messaging service with near-ubiquitous penetration, could undermine the voluntariness required for lawful consent under data protection norms, particularly where consent is neither granular nor purpose-specific.
Senior Advocates Mukul Rohatgi and Akhil Sibal, appearing for Meta Platforms and WhatsApp respectively, informed the Court that the entire penalty amount had already been deposited. They further relied upon WhatsApp’s end-to-end encryption architecture, contending that message content exchanged between users remained inaccessible even to the platform itself.
The Court’s scrutiny, however, extended beyond message content to encompass metadata, behavioural profiling, and the downstream commercial use of user information.
The Bench noted that modern data markets attributed significant economic value to behavioural datasets irrespective of whether core communications remained encrypted. Such data was routinely analysed, aggregated, and monetised through targeted advertising, raising concerns relating to data rent extraction and the commodification of user behaviour, it added.
Solicitor General Tushar Mehta intervened to submit that personal data in the digital economy was not merely collected but commercially exploited, often without users comprehending the economic value being extracted.
The Court observed that, unlike the European Union’s General Data Protection Regulation (GDPR), Indian law presently lacked an explicit framework for the economic valuation of personal data as an asset.
Meta’s reliance on the Digital Personal Data Protection Act, 2023, was met with judicial caution, with the Court noting that the statute was yet to be brought into force and could not retrospectively legitimise contested practices predating its notified operational framework.
While reference was made to proceedings pending before a Constitution Bench concerning WhatsApp’s privacy policy, the Court clarified that sector-specific scrutiny under competition law could not be eclipsed by parallel constitutional adjudication.
The CCI, represented by Senior Advocate Samar Bansal, defended the regulator’s findings, submitting that WhatsApp’s business model was intrinsically advertising-driven and that users effectively constituted the product in an ostensibly free service ecosystem.
It was argued that the CCI had correctly applied Section 4 of the Competition Act, 2002, in concluding that WhatsApp abused its dominant position by coercively tying continued access to its messaging service with expanded data sharing across Meta group entities.
Meta sought time to place a comprehensive affidavit on record detailing its data handling, sharing mechanisms, and monetisation practices. Accepting the request, the Court adjourned the matter to the following week.
On the suggestion of the CCI, the Bench also directed the impleadment of the Ministry of Electronics and Information Technology, recognising the wider regulatory and policy implications of the dispute for India’s evolving digital governance framework.
The controversy traced its origins to the CCI’s order of November 2024, which examined WhatsApp’s 2021 privacy policy update. The regulator concluded that WhatsApp, holding a dominant position in India’s over-the-top (OTT) messaging services market, imposed a unilateral and non-negotiable consent framework that compelled users to accept enhanced data sharing with Meta group companies as a condition for continued access.
The CCI held that such conduct amounted to an abuse of dominant position under Section 4 of the Competition Act, 2002, and imposed a penalty of ₹213.14 crore along with behavioural remedies aimed at restoring user choice and transparency.
In November 2025, the NCLAT partly modified the CCI’s directions by setting aside the prohibition on advertising-related data sharing and overturning the finding of unlawful leveraging of dominance into the digital advertising market. Nevertheless, it upheld the monetary penalty, prompting appeals from both sides before the Supreme Court.
The post WhatsApp Privacy Policy row: Supreme Court flags concern over user data exploitation under contractual consent appeared first on India Legal.