New Delhi: National Company Law Appellate Tribunal has clarified that user-consent and privacy safeguards governing WhatsApp’s data sharing with Meta apply equally to advertising and non-advertising purposes, delivering a significant interpretation of how Big Tech platforms must handle personal data in India.
The ruling came after the Competition Commission of India (CCI) sought clarification from the National Company Law Appellate Tribunal (NCLAT) on whether safeguards upheld in its November 4 judgment—which stressed express and revocable user consent—also extended to advertising-related data sharing.
A bench led by Justice Ashok Bhushan, chairperson of the NCLAT, along with Technical Member Arun Baroka, allowed the regulator’s plea and granted WhatsApp three months to align its data practices with the clarified directions.
Consent Rules Apply Across All Uses of WhatsApp Data
In its clarification, the tribunal said that the remedial directions issued by the CCI would apply to “WhatsApp user data collection and sharing for all WhatsApp purposes including non-advertising and advertising purposes.”
The tribunal noted that while its earlier judgment had set aside a blanket five-year ban imposed by the CCI on the use of WhatsApp data for advertising, it had consistently emphasised that any non-essential use of data requires clear, informed and revocable user consent.
The absence of an explicit reference to advertising data in the operative portion of the November judgment, the CCI argued, had created ambiguity. The tribunal agreed that clarification was necessary to ensure the reasoning and conclusions were applied uniformly.
Background: From Blanket Ban to Consent-Based Framework
In November, the NCLAT struck down the CCI’s direction prohibiting WhatsApp from using user data for advertising for five years, holding that such a restriction was excessive if users were provided meaningful opt-in and opt-out choices.
At the same time, the tribunal upheld a series of safeguards for non-advertising data sharing. These included requirements that WhatsApp:
-
Clearly disclose what categories of user data are shared with Meta entities
-
Specify the purpose for each category of data sharing
-
Ensure that non-service-related data sharing is not a condition for using WhatsApp in India
-
Extend these rights to all users, including those who accepted the 2021 privacy policy update
The CCI maintained that these protections were always intended to apply to all non-essential data uses, including advertising.
Meta Opposes Clarification, CCI Defends Its Scope
Meta Platforms and WhatsApp opposed the clarification plea, arguing that the tribunal lacked the power to modify or expand its operative directions through a clarification application.
Senior advocate Kapil Sibal, appearing for Meta, submitted that if the regulator believed the order was flawed, its only remedy was to file an appeal—not seek clarification. Counsel for WhatsApp echoed the argument, contending that the CCI was attempting to reintroduce directions that the tribunal had consciously set aside.
The CCI countered that it was not seeking a review, but merely clarification to ensure that the tribunal’s conclusions reflected its own findings—namely, that advertising and non-advertising data sharing fall under a unified consent framework.
After hearing arguments on whether Section 53(O) of the Competition Act permitted such a clarification, the bench ruled in favour of the regulator.
Implications for Big Tech and Data Governance
The clarification reinforces a broader regulatory signal: user consent standards cannot vary based on commercial purpose. For WhatsApp and Meta, it means advertising-related data flows will now be subject to the same disclosure, choice and revocability requirements as other forms of data sharing.
More broadly, the ruling strengthens the role of competition law in shaping data governance norms, even as India’s data protection framework continues to evolve under the Digital Personal Data Protection regime.
