Authored by Shreeya Patil, a 2nd year student, pursuing law at Symbiosis Law School, NOIDA
Abstract
The aim of this essay is to explore the contemporary challenges to privacy posed by social media and the digital age, emphasising the growing concerns over data misuse and breaches. It underlines the critical role of privacy as a cornerstone of individual freedom, acknowledging the delicate balance required in the digital age. The essay scrutinises the impact of social media platforms on individual privacy, citing examples such as the Cambridge Analytica scandal and recent privacy policy amendments by major social media platforms while also discussing legislative responses taken to strengthen the right to privacy amidst technological advancements, emphasising transparency, fairness, and autonomy over personal data in India.
Introduction
The often used word privacy is a fundamental facet of personal liberty and one of the most valued aspects for human beings. Privacy, in its foundational understanding, denotes freedom from incursion and has long been seen as an inalienable natural right of humanity. The inception of the right to privacy stems back to the 1890s, when influential thinkers like Samuel D. Warren and Louis Brandeis proposed that the “right to privacy” ought to be incorporated into the horizon of right to life.
The acknowledgement of the “right to privacy” as a fundamental right in India took time and was subject to judicial scrutiny from the inception of the Indian Constitution. Initially, in Kharak Singh v. State of U.P., Justice Subba Rao's minority opinion deemed the right to privacy as "an essential ingredient of personal liberty." However, at that point, it was not officially recognised as a “fundamental right,” and its status remained uncertain.
Nevertheless, a nine-judge Supreme Court panel in the case of Justice K.S. Puttaswamy v. Union of India in 2017 restated the recognition of the right to privacy as a fundamental right under Article 21 of the Constitution of India. They went on to emphasize that the right to privacy was not only intricately linked to the liberties safeguarded by diverse fundamental rights but also represented an intrinsic aspect of dignity, autonomy, and liberty. In the global arena, the right to privacy is likewise seen as a critical and fundamental human right and is bolstered by an effective foundation. Article 12 of the Universal Declaration of Human Rights, 1948 (UDHR) and Article 17 of the International Covenant on Civil and Political Rights, 1966 (ICCPR) are two influential and authoritative international treaties that ensure and protect individuals from "arbitrary interference" in their private matters and personal lives.
The significance of the “right to privacy” has heightened in contemporary times, owing mostly to the growing influence of social media and the internet in today's digital landscape. A substantial amount of concern and fear has been voiced in recent times around the enormous amount of private information stored in computer files. The “right to privacy” “pertains to an individual's right to regulate the collection, utilisation, and dissemination of their private information.” Social media has evolved into a potent instrument that facilitates individuals in connecting, collaborating, and sharing ideas and information globally. It has garnered widespread popularity worldwide, connecting millions of individuals through the digital medium. Advancing technology allows people to store their personal data in digital spaces, but the growing misuse of technology by nefarious elements has raised concerns about the privacy of individuals' data. Social media networks extract private information on individual actions, hobbies, personality traits, perspectives on politics, and internet patterns, and misuse of such private information poses a grave threat to the “right to privacy” of individuals as enshrined in the Indian Constitution.
Social Media and Right to Privacy: How to strike a balance?
Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet. - Gary Kovacs
The internet has permeated every facet of existence, with modern technology skillfully weaving it all together. People establish connections with others and employ social media as a medium for communication. Furthermore, digital space functions as a platform for engaging in business transactions, procuring goods and services, accessing new information, and streamlining ordinary operations such as banking. With every internet transaction, the user unknowingly leaves electronic tracks that contain powerful means of information that provide knowledge about the user and their interests. In such an information age, which has been purported as “an era of ubiquitous dataveillance, or the systematic monitoring of citizen’s communications or actions through the use of information technology”, there exists a greater threat to the right to privacy of people as underscored in the Justice K.S. Puttaswamy v. Union of India.
The consideration of incorporating the “right to privacy” into the Indian Constitution has been a subject of judicial scrutiny since its establishment, as it was never explicitly stated. The matter of recognising the “right to privacy” under Part III of the Constitution was raised during the M.P. Sharma v. Satish Chandra case, wherein the court decided not to make that determination. In the Kharak Singh v. State of U.P., although privacy was acknowledged, it was not yet deemed as an essential right, however, in PUCL vs Union of India, the court affirmed citizens' private interests and implemented legal safeguards to protect people's right to privacy against telephone tapping.
The landmark decision in Justice K.S. Puttaswamy v. Union of India, which revolved around Aadhaar, a government initiative providing a unique identification to Indian residents, confirmed the “right to privacy as a fundamental right” under Article 21. Article 21 safeguards the "Right to life and personal liberty" as part III of the Indian Constitution.
In the digital age of today, the “right to privacy” is significantly jeopardised by the growing dependence of individuals on the internet, particularly on social media platforms and such potential risk to private data becomes pronounced as individuals interact with technology. The watershed ruling of the nine-judge bench underscored concerns about the potential loss of privacy for individuals, cautioning against both state and non-state entities. This heightened risk arises from the increased interaction of individuals with technology, which has the capability to gather, archive, and mine information for the purpose of profiling individuals. On the one hand, social media portals give an effective platform for freely expressing oneself to an extensive demographic; however, on the other hand, they risk exposing the crucial confidential personal information of consumers.
The utilisation of "electronic tracks" by various social networking platforms to gather data from users for personalisation or targeted adverts poses an enormous threat to individual privacy. Moreover, extensive broadcasting of personal information on social media outlets is intrinsically injurious to individual privacy. Platforms like Facebook have frequently been embroiled in controversies regarding privacy and user security. Even during its nascent years, it was observed that Facebook’s algorithm was saving the incomplete posts and comments of the user even before it could be posted as “metadata.” These concerns regarding user data were substantiated, particularly after the notable data privacy breach incident in the 'Cambridge Analytica Scandal,' in 2018, where the data and records of millions of people were harvested from Facebook by the data-harvesting enterprise Cambridge Analytica leading to infringement of “right to privacy” of the users.
Concerns over possible invasions of people' “right to privacy” have been prompted by recent privacy policy amendments made by X (formerly Twitter), which permit the collection of users' biometric data. In a similar vein, the Supreme Court of India is currently reviewing the privacy regulations that WhatsApp notified in 2016 and in 2021 after its takeover by Facebook in the case of Karmanya Singh Sareen & Anr. v. Union of India & Ors. The lawsuit seeks to uphold Indian residents' data and “right to privacy.” According to WhatsApp's 2016 privacy policy, any consumer data published with the app will also be transmitted to Facebook, the parent organisation. The amended policy in 2021 stipulated that consumers would be unable to opt out of transferring data with Facebook if they intended to keep using the app; otherwise, their profile would be terminated. The present situation constitutes an imminent risk to the citizens' “right to privacy.”
Another cause of concern regarding privacy is the long-term preservation of information on social networking services. For instance, Facebook's terms of use render it the liberty to archive private data indefinitely, establishing an irreversible extent of control over personally identifiable information. Consequently, even when a user wishes to cease using the social network, the data they provide remains beyond their control. Even the social media apps that are no longer operational in India, such as Tik-Tok can reportedly still continue to access data of Indian users from the app and are able to mine updated data and information of the individuals using the previously existing data which was stored on the app even after the app has been banned in India since 2020. This presents an enormous threat to the privacy of users’ data, which nevertheless remains readily obtainable in the contemporary digital landscape and can be exploited by networking software to mine and profile updated information that relies on existing data. If unauthorised parties were to obtain such sensitive data, the implications may be catastrophic while jeopardising people's safety and causing a grave infringement on their right to privacy as guaranteed by Article 21 of the Indian Constitution.
Legislative Framework on the Right to Privacy
In light of escalating apprehensions over the privacy of individuals' data on social media, there arose a necessity for a resilient and all-encompassing legal framework to govern the data protection landscape and uphold the privacy rights established under Article 21.To protect people' data and privacy, the Indian Parliament adopted the highly anticipated 'Digital Personal Data Protection Act '("DPDPA") in August 2023 which represents a significant achievement as India's inaugural comprehensive legislation for data protection.
Prior to the current legislation, data privacy was partially protected under the Information Technology Act of 2000 and the Information Technology (Reasonable security practises and procedures and sensitive personal data or information) [SPDI] Rules of 2011, but these statutory provisions were deemed insufficient to adequately safeguard citizens' right to privacy.
The 'Digital Personal Data Protection Act 2023' outlines a structure for addressing digital personal data which preserves citizens' right to privacy while also embracing that the handling of such data is crucial for legitimate objectives, such as associated or incidental issues. The Act strongly entrusts data principals with control over their personal data, forbidding the storage and use of their data without express authorization—with the exception of some admissible situations in which an innovative concept known as "deemed consent" is incorporated. It also grants individuals the right to seek redress for grievances and the authority to designate individuals who will receive their data. It also gives individuals the right to seek redress for grievances and the authority to decide who will obtain their data. In addition, the Act incorporates the "right to erasure," enabling users the ability to ask for an erasure of their personal information, offering them greater control over their online identity while also outlining commitments to entities identified as "data fiduciaries," which are in charge of gathering, archiving, and utilising digital personal data.
It also gives individuals the right to seek redressal for grievances and the authority to decide who will obtain their data. Moreover, the legislation incorporates the "right to erasure," granting users the capability to request the deletion of their personal information which enhances individuals' authority over their online identity. It is pertinent to note, however, that the Act does not explicitly incorporate the "right to be forgotten" as a separate provision, despite its acknowledgment as a crucial element within Article 21 under the aegis of the "Right to Privacy." The Act further highlights its commitment to responsible data management by outlining the responsibilities of organisations designated as "data fiduciaries," which are in charge of gathering, storing, and utilising digital personal data.
Therefore, by promoting transparency, fairness, and autonomy over personal data, the ‘Digital Personal Data Protection Act 2023’ fortifies the “right to privacy” guaranteed by Article 21 of the Indian Constitution
Conclusion
As a cornerstone of individual freedom, privacy is a concept that is extremely essential for humanity. The right to privacy is rooted in human nature's unalienable rights and has historical relevance. In India, the acknowledgment of the right to privacy went through a transforming journey before being affirmed as a fundamental right by a nine-judge Supreme Court bench in the \Justice K.S. Puttaswamy v. Union of India case.”
In the contemporary era, dominated by the pervasive influence of social media and the internet, has elevated the significance of privacy. Concerns have arisen due to the extensive storage of private information and the potential misuse of technology, particularly by malevolent actors. While social media creates a platform for global exchange and cooperation, it also exposes to individual privacy due to the extraction and utilisation of personal information.
The ever-evolving digital landscape necessitates a careful balance between privacy protection and technological progress and The ‘Digital Personal Data Protection Act 2023’ represents a significant step towards maintaining this balance and preserving the essence of personal liberty in the ever-expanding digital landscape.