Instagram Ends Encrypted Messaging: A Shift from Privacy to Platform Control

Instagram will discontinue its end-to-end encrypted (hereinafter “E2EE”) messaging feature from May 2026. This means that messages exchanged on the platform will no longer be protected by a system where only the sender and receiver can read them. Earlier, even Instagram could not access such encrypted chats, but with this change, the platform may technically be able to view and process message content.

Reasons Behind the Decision

The decision appears to be driven by multiple factors. These include:

·       Low adoption, as very few users actively enabled the feature.

·       Government pressure for greater access to digital communications to tackle illegal activities.

·       Safety concerns, as encrypted platforms can sometimes be misused for unlawful purposes, making monitoring difficult.

This change significantly affects user privacy. Messages that were once completely secure may now be accessible for moderation, compliance with legal obligations, or internal platform use. This increases the risk of data exposure, whether through breaches or authorised access by authorities. Users should take precautionary steps before the change comes into effect. It is advisable to back up important chats, photos, or data shared through Instagram messages.

Source: Instagram to stop end-to-end encrypted messaging in May.

News of the week:

1.     Gujarat Moves to Establish Data Governance Framework for Privacy Protection and Responsible AI

The Gujarat government is in the process of developing a state data governance framework aimed at strengthening data security and safeguarding privacy across its departments. This initiative, announced by the state’s science and technology minister during a legislative session, is part of a broader push to promote the responsible and ethical use of artificial intelligence.

The proposed framework will introduce structured guidelines governing how data is collected, stored, shared, and protected, ensuring that information remains secure. It also seeks to enhance transparency and accountability in the deployment of AI-driven systems within government operations.

The framework will also address critical concerns associated with AI, such as algorithmic bias, explainability of automated decisions, and the need for human oversight. The goal is to ensure that AI systems function in a fair, understandable, and accountable manner while maintaining human control over decision-making processes. This initiative forms part of Gujarat’s larger AI strategy, which focuses on fostering innovation while ensuring that technological advancements align with ethical standards, privacy requirements, and public trust.

Source: Gujarat preparing data governance framework to ensure privacy and ethical AI practices: Tech minister

2.     EU Privacy Authorities Raise Alarm Over Proposed US Expansion of Traveller Data Collection

European data protection regulators have expressed serious concerns about new US proposals that could significantly expand the amount of personal information collected from travellers entering the country. The changes are linked to the Electronic System for Travel Authorisation (hereinafter “ESTA”), which applies to visitors travelling under the visa waiver programme.

Under the proposed rules, travellers may be required to disclose detailed personal data, including records of their social media activity over the past five years. Authorities could also request sensitive information about family members such as contact details and dates of birth, raising questions about whether such data is necessary for travel authorisation. The European Data Protection Board has formally questioned these developments and sought clarity from the European Commission on how it plans to respond. Regulators are particularly worried about how this data will be stored, used, and protected once transferred to US authorities, as well as whether EU citizens will be able to effectively exercise their data protection rights.

Concerns further stem from ongoing EU & US discussions that could allow American agencies access to European biometric databases, including facial recognition and fingerprint data. Privacy watchdogs warn that such measures may pose serious risks to fundamental rights and could undermine established data protection standards.

Source: EU privacy watchdogs warn over US plans to expand traveller data collection

3.     Supreme Court to Clarify Scope of Personal Data Under India’s DPDP Framework

The Supreme Court has agreed to examine the meaning and scope of “personal data” under the Digital Personal Data Protection (hereinafter “DPDP”) Act, 2023, as part of ongoing constitutional challenges to the law. The issue has become central because how data is classified, whether personal or public, will determine the extent to which information can be accessed or withheld.

During the proceedings, the Court said that distinguishing between personal and public data is a key legal question. Petitioners argue that if the definition of personal data is too broad or unclear, authorities may misuse it to deny information requests, especially under the Right to Information (hereinafter “RTI”) framework.

The challenge also raises wider constitutional concerns about balancing the right to privacy with the public’s right to know. By taking up this issue, the Supreme Court is expected to define clearer boundaries for data protection in India, particularly in reconciling privacy rights with democratic transparency in the digital era.

Source: Supreme Court to look into what constitutes ‘personal data’ in DPDP laws.