The Supreme Court of India delivered a scathing rebuke to Meta Platforms and WhatsApp during a recent hearing, upholding the Competition Commission of India's (CCI) Rs 213 crore penalty for abuse of dominance in the OTT messaging market. The case stems from WhatsApp's 2021 privacy policy update, which the CCI deemed exploitative by forcing users into a "take it or leave it" arrangement for data sharing with other Meta entities. The National Company Law Appellate Tribunal (NCLAT) had previously upheld this penalty in late 2025, though it relaxed certain restrictions like a five-year data-sharing ban.

Meta and WhatsApp challenged this before the apex court, but the bench—led by Chief Justice Surya Kant, along with Justices Joymalya Bagchi and Justice Vipul Pancholi—made clear its strong stance against compromising user privacy. The Chief Justice emphasized that no commercial venture can operate at the expense of citizens' fundamental rights, particularly the right to privacy. The court rejected arguments that user data remains protected simply because platforms claim end-to-end encryption or offer an opt-out option.

It questioned the validity of informed consent, observing that WhatsApp's complex privacy policies are incomprehensible to ordinary users, especially those in remote, rural or marginalized communities. The bench highlighted how even educated individuals struggle with the language, let alone vulnerable sections of society who rely heavily on the app.

Expanding the discussion beyond privacy, other senior advocates flagged the economic dimensions of data. They pointed out that every cycle of user data holds immense economic value, with user behavior meticulously monetized through targeted advertising across Meta's ecosystem. The court stressed the need for courts worldwide to develop innovative and robust oversight mechanisms to regulate big tech effectively, underscoring that data rights are non-negotiable in the digital age.

The Chief Justice demanded a clear undertaking from Meta that no personal information—even a single piece—would be shared without genuine safeguards. He described the current framework as a "decent way of committing theft" of private information, given the lack of meaningful choice in a market dominated by WhatsApp. The bench expressed skepticism toward opt-out mechanisms, noting that users often ignore or fail to understand notifications, and newspaper ads for such options are ineffective.

The Solicitor General reinforced this by characterizing the policy as truly "take it or leave it," leaving users with no real alternative in India's vast messaging landscape. Now questions rise whether the court's critique was directed solely at Meta, WhatsApp's parent company, or served as a wider caution to all major tech platforms operating in India. This stems from ongoing legal scrutiny where WhatsApp has defended its data-sharing practices by claiming user consent, but the court has challenged the validity of such consent when buried in convoluted language that even educated users struggle to comprehend.

A lawyer specialized in cyber law emphasized that the Supreme Court's observations reflect the broader hopes and aspirations of India's populace. He described the court's comments as a resounding message to all stakeholders: any entity operating in India must adhere strictly to Indian laws, respect privacy rights, and uphold fundamental rights enshrined in the Constitution. This stance, he argued, is crucial for bolstering India's cyber sovereignty. By highlighting how foreign tech firms might exploit Indian users' data as "guinea pigs" for monetization purposes, the court is drawing a line against practices that could undermine national security, integrity, and sovereignty. He noted that such judicial intervention was long anticipated, given the growing concerns over data exploitation in a market as vast as India's.

Delving deeper into the discussion, an executive of a cyber security firm critiqued the existing grievance redress mechanisms as largely ineffective. He argued that disputes raised through these channels are predictably rejected as they align with the companies' de facto norms of maximizing data collection. Likening the situation to a "gold heist," he suggested that tech giants are rushing to amass as much Indian data as possible before stronger regulations take hold, allowing perpetual monetization. This exploitation, he warned, treats Indians' personal information as experimental fodder, perpetuating a cycle of vulnerability until the government introduces robust user protections.

He also pointed to a simple way for users to check Facebook's practices—search for the app on the Google Play Store, click on it, and view the "Data Safety" section under "See details." This reveals extensive collection, including listening habits (potentially via microphones), religious and political ideologies, voting history, health records, financial details, contacts, photos, videos, locations, addresses, SMS, emails, and more. The startling revelation is that users often have no effective way to block or limit this access, turning everyday device usage into constant surveillance.

The conversation also touched on the practical challenges ahead, underscoring the uphill battle for reform. Raising awareness among 850 million users poses a mammoth task, particularly when policies are inaccessible to rural, uneducated individuals—as the Supreme Court itself noted, even those in elite circles find them baffling. Legal as well as electronic experts urged that the court's warnings should propel the government toward empowering ordinary users with meaningful remedies against privacy breaches. Without such measures, he cautioned, India risks continued data misuse, eroding trust in digital platforms and compromising national interests.