Is the government allowed to read your WhatsApp chats under existing income tax laws? Here’s what experts are saying

This week, FM Nirmala Sitharaman defended the provisions of the new income tax bill, which allows an authorised officer to “break open the lock of any door, box, locker, safe, almirah, or other receptacle for exercising the powers conferred by clause (i), to enter and search any building, place, etc., where the keys thereof or the access to such building, place, etc., is not available; or gain access by overriding the access code to any said computer system or virtual digital space, where the access code thereof is not available.”Clause 247 of the Income Tax Bill, which will be effective starting April 1, 2026, allows authorised officers to do so only if they have information and reason to believe that the individual in concern owns undisclosed income, property, or documents that they would willfully not reveal in a bid to evade income tax.

Defending the need to include digital spaces and virtual realms under the ambit of search and seizure for income tax purposes, Sitharaman highlighted that such provisions are not new and currently exist under Section 132 of the I-T Act, 1961. However, presently, the section only covers physical assets and books of accounts, leaving digital assets and documents out of its coverage.

Noting how WhatsApp messages had already helped the government uncover Rs 200 crore worth of unaccounted funds linked to crypto, Sitharaman also underlined how Google Maps history and Instagram accounts have been instrumental in identifying cash hideouts and “benami” properties like luxury cars.

Many have raised concerns about this violating their fundamental constitutional right to privacy. But the question is, is the government legally allowed to do so? Is it already in the process of scrutinising our personal information like WhatsApp chats, which claim to be encrypted end-to-end? We decode for you.

Government can access any data in cases of national security

Due to WhatsApp’s end-to-end encryption, messages sent between two users are only readable by them; even the service provider cannot decrypt the contents of the messages. This prevents any third party, including service providers (WhatsApp, Telegram), from accessing the messages.However, as Ashish Mishra, Partner-Cyber Security, NangiaNXT notes, “As of now, the government has the provision to access the encrypted messages under certain exceptions such as legal request, court matters, surveillance, and criminal investigations. The DPDP (Digital Personal Data Protection) Act, along with the Telegraph Act and IT Act, gives the government power to request such data from service providers.”Section 17 of the DPDP Act also empowers the government to access even encrypted messages, particularly for national security, law enforcement, public order, or investigation of crimes. In other words, the government can exempt certain agencies from compliance if it is “in the interest of sovereignty, security of the state, or public order.”

This is termed as “reasonable restrictions” in the act. “However, the implementation is still under debate,” notes Mishra.

Even experts note that at present, there is no verified evidence to suggest that the government is directly accessing private WhatsApp chats or personal Google Maps history of every individual to track black money.

“That said, law enforcement and tax authorities do use a combination of open-source intelligence (OSINT), device forensics, call data records (CDRs), metadata analysis, and financial transaction monitoring to detect illicit financial networks and black money. WhatsApp itself does not store message content, and it explicitly states that it cannot and does not produce the contents of user messages in response to any government request.

However, under lawful requests, WhatsApp may share limited subscriber information—such as their name, service start date, last seen date, IP address, device type, and email address—and account information (such as a user’s profile photos, group information, and contacts list)—if it is available and applicable,” explains Tarun Wig, CEO & Co-Founder, Innefu Labs.

Such requests are further reviewed individually by WhatsApp’s Law Enforcement Response Team (LERT Team) to ensure they comply with legal standards.

But unless the government or agencies have encryption keys, it is not possible to access encrypted chats. Neither governments nor platforms can decrypt such messages without access to the device itself.

“Unless the government or agencies have encryption keys, it is not possible to access. Although with devices seized and opened using digital forensic tools, one-sided chats and downloads of transactions can be done easily. Also, using other metadata from the device, the officials can figure time and location data, which helps in investigations,” says Kartikeya Raman, Associate Partner, Digital, Trust and Transformation, Forvis Mazars India

However, government agencies can access metadata (such as who you contacted, when, and from where), which is not encrypted and can be legally obtained under due process.

Is my Google Maps history being tracked?

For apps like Google Maps, the government may be able to access location history, search data, and other metadata with a valid court order, especially for investigation into criminal activities like tracking black money.

“Law enforcement agencies globally—including in India—have historically submitted warrants to request user location data, especially in proximity-based investigations. However, Google is currently rolling out changes to its Location History feature,” adds Wig.

This would mean that your location data would be stored not on Google’s cloud server but on your local device. For users who choose to enable it (it is off by default), location data will now be stored locally on the user’s device rather than on Google’s servers. This significantly limits Google’s ability to respond to such location-based warrants in the future, enhancing user privacy and control.