Personal Data Protection With Respect To Social Media Usage In India: Constitutional Law Aspect (By: Shubham Raj & Saurabh Raj)

Personal Data Protection With Respect To Social Media Usage In India: Constitutional Law Aspect

Authored By: 1.   Shubham Raj

B.B.A., LL.B. (Hons.) 4th YEAR

CHANAKYA NATIONAL LAW UNIVERSITY, PATNA

2.    Saurabh Raj

MASTER OF LAWS (LL.M.)

NATIONAL FORENSIC SCIENCES UNIVERSITY, DELHI CAMPUS

Abstract

In the present research paper the researcher has made an attempt to put forward the issues regarding data protection with respect to the social media usage in India within the purview of Constitutional Law. The researcher has tried to make a connect through the precedents, statutes and the ongoing issues highlighting the concerns of internet driven community with some technical aspects as well. Basically how the social media is encroaching the fundamental aspect of life i.e. privacy by accessing the personal data that is being discussed. The contentions of Puttaswamy judgment has blended well with the present topic and the learnings have been discussed.

Keywords: Privacy, Liberty, Cyberspace.

List Of Abbreviations:

Abbreviations

Full Forms

Crl

Criminal

CrPC

Criminal Procedure Code

Govt

Government

HC

High Court

RCR

Recent Criminal Reports

SC

Supreme Court

SCC

Supreme Court Cases

List Of Statutes:

THE CONSTITUTION OF INDIA, 1950

THE INDIAN PENAL CODE, (45 of 1860)

THE CODE OF CRIMINAL PROCEDURE, (2 of 1974)

THE INFORMATION TECHNOLOGY ACT, 2000 (21 of 2000)

INFORMATION TECHNOLOGY (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021

THE PERSONAL DATA PROTECTION BILL, 2019

RIGHT TO INFORMATION ACT, 2005

CYBER CAFE RULES, 2011

TABLE OF CONTENTS

INTRODUCTION
LITERATURE REVIEW
STATEMENT OF PROBLEM
OBJECTIVES
HYPOTHESIS
RESEARCH QUESTIONS
RESEARCH METHODOLOGY
SCOPE AND LIMITATIONS

UNDERSTANDING THE RISK INVOLVED BY THE USE OF SOCIAL MEDIA WITH RESPECT TO PERSONAL DATA PROTECTION

TECHNOLOGICAL AND INFORMATIONAL PRIVACY: ACKNOWLEDGEMENT OF INDIAN LEGAL SYSTEM

DATA PRIVACY: JUDICIAL INTERPRETATION, LEGISLATIONS AND ISSUES

ANALYSIS OF INTERNET PRIVACY IN INDIA

CONCLUSION AND SUGGESTIONS

BIBLIOGRAPHY

Chapter 1

Introduction:

“A violation of privacy results in "stripping the individual naked of his human dignity by exposing his personal life to public scrutiny.”[1]

Privacy is an inherent right of human which takes into account one’s personal information such as physical attributes, relationships, autonomy, dignity, communications, etc. Privacy is a moral, legal, positive & a human right of which a human cannot be deprived.[2]

If simplified privacy can be as minor issue as sleeping, bathing or as complicated as government surveillance.[3] It is to protect the individual from being located, from sharing identification number & not sharing the online activities. Any intrusion in privacy by a third party is a great violation & there arises a need of it to be legally protected.[4] These days the third parties are the social media and various other apps and websites which access the personal data of an individual through different mediums or techniques. There is a lack of a watchdog for these platforms.

As stated by Justice Chandrachud, “Every transaction of an individual user and every site that she visits leave electronic tracks generally without her knowledge. These electronics tracks contain powerful means of information which provide knowledge of the sort of person that user is and her interests. In aggregation, information provides the picture of a being of things to be disclosed and best hidden”.[5]

The term "social media" refers to a range of methods for sharing and discussing information that rely primarily on the Internet and mobile phones. It combines technology, telecommunications and social interaction and provides a platform that combines technology, telecommunications and

 social interaction.[6]

Companies and governments are increasingly being accused of profiling people based on the personal data they collect in the name of "personalized services" and/or "national security."[7] No individual is aware about how his/her personal data would be used either with consent or no consent because these platforms hardly care about the consent. There is also a growing sense of suspicion toward firms that collect personal data especially when it comes to how that data is utilized and secured. The need for regulation of internet & social; media is definite.

Literature Review:

VRINDA BHANDARI,’PRIVACY CONCERNS IN THE AGE OF SOCIAL MEDIA’, INDIA INTERNATIONAL CENTRE[8]

Excellent piece of article in which almost every aspect related to the present day status of the data privacy laws have been given. The article systematically laid out the history, current laws, and landmark judgments and has also pointed out the need for change in law. This article helped the researcher in understanding the lacunae of the present legislations along with the issues which are persisting. Although, the article wasn’t enough for the purpose of knowing the mechanism in which the third parties are accessing the data & also it lacked the recent amendments & case laws.

KATHERINA GLAC, DAWN R. ELM AND KIRSTEN MARTIN, AREAS OF PRIVACY IN FACEBOOK: EXPECTATIONS AND VALUE, BUSINESS & PROFESSIONAL ETHICS JOURNAL[9]

The Article gave researcher an idea about the privacy issues and data exchange on one social media platform i.e. Facebook. The Article was very helpful in getting an insight into the variables, privacy concept followed by facebook, the mechanism in which knowingly or unknowingly the information is accessed. Various International cases are given as an example to make the readers understand how the privacy is ignored by social media platforms. Though, as this article was all about facebook so it left a scope for the researcher to research about other aspects as well.

PURUSHOTHAM KITTANE, INIKA SERAH, CHARLES AARON, KAMATH GOWREE GOKHALE, PRIVACY AND DATA PROTECTION – INDIA WRAP 2020 THE NATIONAL LAW REVIEW[10]

This piece of article is good enough for referring about the government policies, bills & regulations regarding protection of privacy in data. This article is more inclined towards the measures to be followed by the government while implementing nationwide programs digitally. It has mentioned some of the very recent judgments about the high courts commenting about the protection of data along with special reference to National Digital Health Mission. This article has enlightened the researcher about the obligations of government to protect the privacy & liberty of citizens. Though it does not fully cover the ambits of privacy with respect to social media so further research was needed.

VIJAY GOVINDARAJAN, ANUP SRIVASTAVA, AND LUMINITA ENACHE, HOW INDIA PLANS TO PROTECT CONSUMER DATA, HARWARD BUSINESS REVIEW

This Article primarily focuses upon the implementation of Data Privacy Bill & gives a picture about the vision, mission & implementation of this bill. This article discusses about the future course of action and this has helps the researcher to understand how the pending bills of India have gained an international praise. This article has helped the researcher to get a crisp understanding about the future course of action & how it will affect or effect lives.

STATEMENT OF PROBLEM:

Due to the rapid growth of digitization and revolution in the technology a major chunk of population is now using internet and so is the increase in the use of different apps, websites and social media platforms. The industries are working online and even the national governments are implementing a lot of programs through digital medium which enables them to have control over the personal information and personal data of citizens. There are a number of businesses who receive profit by examining the personal data. With such major shift and vulnerability, India lacks a proper legal regime along with enough technical equipment to regulate the platforms from sharing and accessing the personal data.

Objectives:

The researcher aims:

1.         To Understand the Concept Of ‘Privacy’ within Constitutional Framework and International Standards.

2.         To examine the Impact of Social Media over the data privacy issues.

3.         To evaluate the mechanism of Social Media with respect to compromising the data of citizens.

4.         To assess the Regulatory Framework and Legal Regime enacted to protect the data.

5.         To suggest the changes needed in the present day laws.

Hypothesis:

The Social Media Platforms are compromising with the data privacy of the citizens.

Research Questions:

1.         Whether Privacy is a fundamental right guaranteed under the Constitution of India?

2.         Whether the personal data of the citizens is protected by the legal framework?

3.         Whether the Social Media Platforms are being monitored by the national government for ensuring the personal data protection or not?

Research Methodology:

The researcher has followed the Doctrinal Method of Research to complete the research.

Scope And Limitations:

Though the ambits of privacy, data protection, and social media are very vast and extend to the healthcare, Unified Identity, Digitization etc. Though privacy and personal liberty have been interpreted in numerous cases by the courts but this research will solely focus on the data privacy issues raised by the use of social media only. This research will analyze the aspects related to social media within the purview of Constitutional Law.

Chapter 2

Understanding The Risk Involved By The Use Of Social Media With Respect To Personal Data Protection

The militants Of ISIS in October 2014 started collecting the profiles & data of people whom they targeted slaughtered them. They also threatened & sent offensive messages to the individuals.[11]

It is pertinent to note that once something is put out in the internet it never gets deleted. Nowadays the third parties are actively sharing the personal details of an individual to any other person. Every Archive, every record and even search history is available in the database which can be accessed by the third parties. The websites which obtain images or documents for converting into other format also act as a source of information which is personal to an individual. One of the most impactful open resource data collection platforms is Maltego that join the dots, relates and stores and outsource information. The technique used by this platform is “Foot printing” which gathers IP Addresses. It finds out the weak point and through OSNIT infrastructure becomes a powerful 3rd

party which is used by various analysts and experts.[12]

Apart from all these time & again Facebook has been blamed for infringing privacy & unethical practices. The data was being transferred easily & personal aspects such as photos are downloaded easily. This is the reason that the number of users also started declining in recent years. In today’s world cyberspace is the most vulnerable space where everything can be accessed. With each & every second individuals are transferring their personal data to the apps which are constantly seeking permission to access the storage & files of devices.

The GPS system proves to be the most dangerous one as it can navigate the location of an individual. Each & every time the technology is storing the data. The plight is that the governments have still not come up with any idea to curb all these issues. Similarly the cookies are designed by the websites to identify the user who has visited the website more than once & then it collects the data & serves the content as per the choice of an individual.

Social Media Social Norm:

Widely the self disclosure or the voluntary disclosure is being followed which is privately owned by the websites or the service providers. The problem is that the users are not aware as to where to draw the boundary & stop sharing the personal details with these platforms. The technological advancements has lead to the surveillance of personal chats & personal emails which further shapes the whole structure of how we view these platforms because these monitoring is done to serve the interest of the users. Very cleverly the websites use the default setting of “opt out” in which the burden lies on the user who shares the information. There is no “opt in” through which the liability lies with the website unless the user expressly agrees.[13]

Other Privacy Concerns On Social Media:

Scrapping Of Data

The online activities of the individuals are processed without their information.

Leaking Personal Data

Farmville and Family Tree are two programmes that have been proven to leak identifiable information by asking the users to download some application and then access the data.

Tracking of Online Social Media

The websites by asking the users to accept the cookies track the information.[14]

The problem is that a layman doesn’t have any idea that these are the techniques by which the privacy is encroached. There is no awareness and that’s why people are more vulnerable and there is a need to make people understand about these problems for their safety interests.

Chapter 3

Technological And Informational Privacy: Acknowledgement Of Indian Legal System

Justice Chandrachud in Puttaswamy’s case was of the view that, “We are in an information age. With the growth and development of technology, more information is now easily available. The information explosion has manifold advantages but also some disadvantages. The access to information, which an individual may not want to give, needs the protection of privacy”.[15]

In many ways, the Puttaswamy case is a watershed moment in Indian legal history, but it is most notable for emphasizing the importance of recognizing and safeguarding informational privacy. "To make this right meaningful, it is the state's duty to put in place a data protection system that,

while safeguarding individuals from threats to their informational privacy posed by state and non-state actors, promotes the general well," the court ruled. The committee must work with this understanding of the state's role in developing a data protection framework." Without a question, the judiciary's views on informational privacy as a component of privacy are progressive.[16]

In Puttaswamy v. Union of India[17], Justice Nariman stated “we can ground physical privacy in article 19 (1) (d) and (e) read with article 21; privacy of choice in articles 19 (1) (a) to (c), 20 (3), 21, and 25 and ground personal informational privacy under article 21.” He was of the view that, “the core value of the nation being democratic, for example would be hollow unless persons in a democracy are able to develop fully in order to make informed choices for themselves which affect their daily lives and their choice of they are governed.” The right to "freedom of speech and expression" is also guaranteed by Article 19 (1) (a) of the Indian Constitution. Freedom of speech and expression refers to the ability to freely express one's beliefs and thoughts by speech, writing, printing, photography, or any other means. It also includes the right to disseminate or publish the ideas of others. Article 19(2) puts out a number of arguments for acceptable limitations on this right. The interests of India's sovereignty and integrity, the state's security, friendly relations with foreign countries, public order, decency or morality, or in cases of contempt of court, defamation, or incitement to commit a crime are all covered.[18]

Whenever Government tries to put safeguards against the cyber crimes it is objected that the freedom of speech and expression is being curtailed. But after the Mumbai terror attacks, Information technology Act, 2000 was introduced. India's cyber law now includes measures for website blocking, monitoring, reporting data collection, interception, and decryption of internet traffic data, unrestricted access to sensitive personal data, and data storage middlemen', such as social networking platforms that are responsible for hosting user- generated offensive information, and so on. In this context, India has been a leader.

In the case, Secretary, Ministry of Information and Broadcasting, Government of India and others v. Cricket Association of Bengal and others[19] the Supreme Court that “for ensuring the free speech right of the citizens of this country, it is necessary that the citizens have the benefit of plurality of views and a range of opinions on all public issues. A successful democracy posits an aware citizenry. Diversity of opinions, views, ideas and ideologies is essential to enable the citizens to arrive at informed judgment on all issues touching them. This cannot be provided by a medium controlled by a monopoly- whether the monopoly is of the State or any other individual, group or organization.”[20]

Recently, Section 66A of the Information Technology Act, 2000 was struck down as unconstitutional in Shreya Singhal v. Union of India[21]. It was held so because it was violating freedom of speech and expression.

Under the Fundamental Rights Act, the "Right to Privacy" is an implicit right. The right to privacy is not specifically recognized in the Indian Constitution, but it has been spelled out by our Supreme Court in Article 21 of the Constitution, which deals with the right to life and liberty. In several situations, the Supreme Court of India has reaffirmed the "Right to Privacy," but its application to internet content has yet to be properly established by a judicial judgment.[22]

The recent conflict going on between networking sites & web forums, the Delhi High Court have declared that hazardous information on such websites must be removed, failing which the websites will be completely banned.[23]

The Trademark infringement case was decided by Delhi High Court On the basis of Facebook Pages.[24] In another case the case related to child custody was decided on the basis of facebook activities.

From these discussions it is evident that slowly & steadily the Indian Legal system is accepting & adopting the technological aspects of the new generation case law & that the new advancements cannot be ignored.

Recently Developed Legal Regime On Social Media Usage In India

The Ministry of Electronics and Information Technology published the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 in February. The Rules give social media intermediaries three months to comply with the New IT Rules, giving all social media platforms until May 26, 2021 to comply with the new rules.[25]

Significant social media intermediaries are those with more than a certain number of registered users in India (SSMIs). SSMIs must conduct further due diligence, such as appointing compliance personnel, in order to identify the first source of information on their platform. Under particular situations, and on a best-effort basis, employing technology-based techniques to detect certain categories of information. The rules provide a framework for online publishers to regulate news and current affairs, as well as selected audiovisual content. In order for users or victims to resolve their issues, all intermediaries must provide a complaint method. A three-tier complaints mechanism has been mandated for publishers with different levels of self-regulation.[26]

Recent Important Judgments

In Balu Gopalakrishnan v. State of Kerala[27] the high court clearly lay down that before giving access to the US Company, the consent of the citizens should be taken and made the government accountable.
Subhranshu Rout @ Gugul v. State of Odisha[28] the high court observed the importance of right to be forgotten with respect to women’s security.

It is quite clear that there might not be one specific legislation to regulate and administer the data privacy issues but the hon’ble Supreme Court has recognized and acknowledged the concerns and has far sightedness and broad interpretation while judging. This approach also highlights that there is need of change in regulatory regime of data privacy issues.

Chapter 4

Data Privacy: Judicial Interpretation, Legislations And Issues:

A data is a representation, information & knowledge which have to be processed by a computer network.[29]

As per Article 21 of the Constitution of India, “No person shall be deprived of his life or personal liberty except according to procedure established by law”. Though, the Constitution of India does not explicitly recognize ‘right to privacy’ as a fundamental right.[30]

In M. P. Sharma and Ors. v Satish Chandra, District Magistrate, Delhi and Ors[31] the right to privacy was recognized as a fundamental right for the first time. Surveillance was considered as an infringement of fundamental right in the landmark judgment of Kharak Singh v State Of Uttar Pradesh & Others[32]. The meaning of personal liberty with respect to body autonomy was described in the case of A.K Gopalan v State of Madras[33]. One of the most fundamental right i.e. Right to be left alone which is primarily being infringed by the social media networks was recognised in the case of R. Rajagopal and Anr. v State of Tamil Nadu[34]. Right to privacy was held as a part of right to life in the case of People’s Union for Civil Liberties (PUCL) v Union of India[35]. The most iconic & historical judgment related to right to privacy which states that life & liberty are inalienable rights and that the right to privacy is constitutionally guaranteed under Article 21 is the K. S. Puttaswamy (Retd.) v Union of India[36].

 It is pertinent to note that the Aadhar Card Scheme was also accused of being invader of privacy.

As stated by Justice D.Y Chandrachud, “Informational privacy is a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the state but from non-state actors as well. We commend to the Union Government the need to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the state. The legitimate aims of the state would include for instance protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits.”

The Laws With Respect To Protection Of Data & Social Media

The main acts defining personal information & data are the IT Act 2000 & Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal information) Rules, 2011 (the “IT Rules”). In this Rule 5 has put limitation in obtaining the data only for legal purpose. Other important sections are 43A, 66C, etc. The intermediaries are also held accountable under section 72A for illegally collecting & sharing the data.[37] The Right to Information Act, 2005 was also subsequently enacted for the citizens to access information from government.

Regulatory authorities- The licensee, i.e. the telecommunication provider, is required to comply with clauses 37, 39, and 42 of the Unified Access Service License and clause 42 of the Cellular Mobile Telephone Service License. To ensure that client information is kept private, adhere to strict confidentiality standards. The Cyber Cafe Rules, 2011 also allowed inspection of the cafes by the authorities to maintain security.[38]

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”), Aadhaar (Data Security) Regulations, 2016 (“Aadhaar DS Regulations”) and Aadhaar (Sharing of Information) Regulations, 2016 (“Sharing Regulations”) ensures authorities and prohibits sharing personal biometric data.

Chapter 5

Analysis Of Internet Privacy In India:

The realm of the term privacy on the internet is constantly changing which includes not only the personal information but also ISBN number, the keywords used in searches, the search history, the clicks , the cookies are all used to process the information of a person.[39]

As the information available on the internet is always unclear in the way it has been posted & about the relevant sources so for this the proper research centers should be made and one such initiative has already been taken by Mumbai police by establishing “social media labs.“ The concern is rising over and over again because the cyberspace has no jurisdiction and it is borderless. Till now the nations have not adopted any such method to define the jurisdictions.

In the official document released by the Ministry of Electronics and Information Technology (MeitY) also the concerns have been mentioned, the vision is given that the data of the citizens would be protected along with the plan to widen the ambit of IT Act, 2000 but the mechanism by which it would be done is not given. For governing & monitoring the business also there is no effective body or legislation. It’s just the definition of “body corporate” under the SPDI rules and that too it is not restricted within the jurisdiction of India.

Chapter 6

Conclusion And Suggestions

Conclusion

From the above discussion, the researcher’s hypothesis has been proved. It is evident that the social media platforms are invading the privacy of individuals for their own profit without acknowledging the dangers involved in that. The PIL under Delhi Court and later the decision by the hon’ble court gives a clear picture that the concerns are not hypothetical rather a reality for which the national governments aren’t even technically prepared. The research questions of the researchers have been answered by this research that privacy is a fundamental right enshrined within the purview of Constitution of India and that the activities of these social media organizations is nothing but violation of human and constitutional right. It has also been proved by this research that India lacks a central legislation for addressing all the data and privacy related concerns and the laws are shattered. There is no mechanism with government through which they can monitor the activities of these sites.

Suggestions

Following are the suggestions through which the Privacy issues generated by social media can be curbed:

The Mumbai Police Model of Establishing the “Social Media Labs” to research about the origin and sources of the information should be established in every state. These must not be limited to research upon the source but rather for monitoring the organizations as well.
The EU Model should be followed in India and softwares should be developed for these organizations through which every time they offer cookies or any accepting policy that should be notified at that software also for monitoring.
The Citizens must be given the benefit of choice to either opt in or opt out and it should be checked that no undue demands for acceptability of the terms/conditions are made by the companies.
The Data Protection Bill should be enacted as soon as possible.

Bibliography

Primary Sources

THE CONSTITUTION OF INDIA, 1950
THE INDIAN PENAL CODE, (45 OF 1860)
THE CODE OF CRIMINAL PROCEDURE, (2 OF 1974)
THE INFORMATION TECHNOLOGY ACT, 2000 (21 OF 2000)
INFORMATION TECHNOLOGY  (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021
THE PERSONAL DATA PROTECTION BILL, 2019
RIGHT TO INFORMATION ACT , 2005
CYBER CAFE RULES ,2011
THE AADHAAR (TARGETED DELIVERY OF FINANCIAL AND OTHER SUBSIDIES, BENEFITS AND SERVICES) ACT, 2016 (“AADHAAR ACT”)
AADHAAR (DATA SECURITY) REGULATIONS, 2016 (“AADHAAR DS REGULATIONS”)
AADHAAR (SHARING OF INFORMATION) REGULATIONS, 2016 (“SHARING REGULATIONS”)
Secondary Sources

Books:

Room Stewart, Waterhouse Fisher Field, Butterworths Data Security Law & Practice, 1st edition, LexisNexis.

Journals:

Bhandari Vrinda ,’Privacy Concerns In The Age Of Social Media’, (2018-19) Vol. 45, No. 3/4 https://www.jstor.org/stable/45129854?seq=1#metadata_info_tab_contents
Glac Katherina, Elm R Dawn and Martin Kirsten,’ Areas of Privacy in Facebook: Expectations and Value’, (2014) Vol. 33, No. 2/3, Business & Professional Ethics Journal https://www.jstor.org/stable/44074811

Kittane Purushottam, Serah Inika, Aaron Charles, Gokhale Gowree kamath,’ Privacy and Data Protection – India Wrap 2020’ (2021) Volume XII Number 49, The National Law Review https://www.natlawreview.com/article/privacy-and-data-protection-india-wrap-2020
Govindarajan Vijay, Anup Srivastava Anup, and Enache Luminita,’ How India Plans to Protect Consumer Data, (2019), Harward Business Review https://hbr.org/2019/12/how-india-plans-to-protect-consumer-data
Belapurkar Radhika,” Information Privacy concerns and Surveillance in Social Media”,(2018) https://www.ijlmh.com/wp-content/uploads/2019/03/Information-Privacy-concerns-and-Surveillance-in-Social-Media.pdf