In November 2024, the Competition Commission of India (CCI) once again assumed the role of India’s data privacy regulator. This time, it resulted in a ₹213 Crore (and counting) penalty imposed on WhatsApp. WhatsApp has responded by raising a jurisdictional doubt. Data is the new currency of abuse of dominance, as evidenced by WhatsApp’s use of user metadata to build market power. Can a messaging app’s terms of service be anticompetitive abuse?
Background
The WhatsApp-CCI saga began in January 2021, when the messaging giant rolled out a controversial privacy policy update. This update required users to consent to the sharing of their data with Meta, the parent company, for enhanced features and targeted advertising. This update made opting out apparently impossible, risking account deactivation for non-acceptance.
The CCI took suo motu cognisance on 24 March 2021. This probe focused on whether this coercive data extraction abused WhatsApp’s near-monopolistic dominance in India’s OTT messaging market (with over 500 million users) to unfairly bolster Meta’s online display advertising empire, thereby violating Section 4 of the Competition Act, 2002. Consequently, on 18 November 2024, the CCI imposed a penalty of ₹213.14 crore on Meta.
The Commission also restricted WhatsApp-Meta from data-sharing for advertising for five years and ordered granular disclosures and real opt-outs. WhatsApp then appealed to the National Company Law Appellate Tribunal (NCLAT), contending that the CCI lacked jurisdiction and that the matter is properly governed by the Digital Personal Data Protection Act, 2023.
In the November 2025 ruling, NCLAT Chairperson Justice Ashok Bhushan’s bench partly upheld the CCI’s findings of exploitative abuse and the full penalty (affirming data as non-monetary “consideration” that distorts competition). However, the Tribunal set aside the five-year sharing ban and the leveraging charge across separate legal entities, while retaining mandates for transparent purpose-linking and effective opt-outs. The tribunal has set a precedent for future Big Tech probes.
The case is currently pending before the Supreme Court as of the date of publication of this article.
WhatsApp’s Defence
According to WhatsApp, the CCI lacks the authority to regulate the security of personal data. In their defence, the counsel for WhatsApp asked for an explanation for how ‘data-safety’ is equated with ‘competition harm’, statutorily speaking.
Section 4 of the Competition Act lists five species of abuse. There is no mention of “privacy”, “data breach”, or “consent hygiene”. WhatsApp’s written submissions quoted the Supreme Court in Excel Crop Care (2017) 8 SCC 47: “Competition law does not concern itself with the intrinsic quality of a product; it concerns only the competitive process.”
This meant that a leaky privacy policy may be bad regulation, but it is not necessarily a bad competition.
WhatsApp has also claimed that consumers themselves have traded off privacy for free features by clicking ‘Accept’. Between May 2021 and the CCI order, 55% of users opted in within 90 days of the rollout without coercion, signalling market acceptance. After this, there was only a short-lived spike; WhatsApp’s growth flattened. In response, NCLAT stated that WhatsApp is too large to be trusted with a ‘Yes’, and therefore awarded WhatsApp only a ‘remedy win’ by not banning the sharing of data with Meta.
Another argument by Senior Advocate Abhishek Manu Singhvi posed a doomsday question to the NCLAT bench, noting that, given the annual server bill for 530 million Indians is ₹18,000 crore, the app is supposed to be free to use if WhatsApp cannot share metadata with Meta. The tribunal tacitly accepted the argument, considering they can’t kill the goose that is laying free eggs.
In short, WhatsApp did not merely defend its policy; it defended the idea of regulatory boundaries.
How was it Anticompetitive Conduct?
If we look at how the Competition Act is applied in this case, firstly, WhatsApp’s policy was a “Take-it-or-leave-it”. The extraction of metadata was the ‘price’ paid for a seemingly free app. This attracts Section 4(2)(a)(i), which covers imposing unfair conditions.
To which the NLCAT said that personal data is a non-monetary consideration. (Indirectly) Compelling users to surrender data in exchange for continued service constitutes an exploitative practice, irrespective of whether the DPDP Act separately punishes the same act.
Secondly, competitors of WhatsApp, such as Telegram, cannot replicate Meta’s 2.9-billion-user data lake. This leads to a foreclosure, which invites Section 4(2)(c), denial of market access. And lastly, Section 4(2)(e), i.e., using dominance in one market to protect/extend another, since Meta Ads have a display-ad dominance.
WhatsApp, being the only milkman in town, is diluting the milk (instant messaging) with water (privacy leak), reducing its quality (privacy) to extract additional profit. Meta’s move has increased rivals’ customer-acquisition costs. That is textbook foreclosure. Meta, having a monopoly in the social media market, is leveraging its position to increase its profits by being one of the largest players in India’s digital-ad revenue.
CCI no longer needs to show higher prices; it only needs to show higher surrender of personal data extracted by a gatekeeper. The NCLAT has handed every regulator in the world a ready-made template; first, define the relevant market, like Over-the-Top messaging in this case, second, the obvious one of proving the dominance, third, tracing the data pipeline to a second market (ads) and last, branding the pipeline “unfair” or “foreclosing”.
Conclusion
In the Meta v. CCI saga that culminated on 4 November 2025 and is currently pending before the Supreme Court, India has witnessed three legal firsts that bring competition and technology law into a single thread. The NCLAT declared that privacy degradation in a dominant app is exploitative abuse under Section 4(2)(a)(i), treating user metadata as non-monetary consideration extracted unfairly from 530 million Indians. For the first time, the tribunal mandated an institutional handshake between CCI and the future DPBI. Moreover, for the first time, a ₹213 crore fine stood while a five-year data-sharing ban fell, proving that cooperative regulation can punish market power without killing the free-service model. This is no longer an overlap; it is a fusion.