Research Methodology and Legal Writing

3rd Internal Assessment

Report on Empirical Study of

“Data Protection laws in India to safeguard Privacy in Social Media- A Facebook Case
Study”

Date of submission
08th January, 2021

Submitted to
Prof: Dr. Manika Kamthan

Submitted by
Name: KABIR QURAISHI

PRN: 20010143037

LL.M. 2020-2021

1
 DECLARATION

The paper titled “Data Protection laws in India to safeguard Privacy in Social Media- A
Facebook Case Study” submitted to Symbiosis Law School, Pune, for the subject Research
Methodology & Legal Writing as part of internal assessment is based on my original work
carried out under the guidance of Prof: Dr. Manika Kamthan, Symbiosis Law School, Pune.
The research work has not been submitted elsewhere for award of any degree. The material
borrowed from other sources and incorporated in this paper has been duly acknowledged..

Date:-08.01.2021
Kabir Quraishi

2
 ACKNOWLEDGEMENT

I am thankful to my research guide Prof : Dr. Manika Kamthan, faculty incharge for
Research Methodology and Legal Writing, for her through assistance and support all
throughout the prepration of this research paper.

My humble gratitude to librarian and staff of Symbiosis Law, Pune for providing
infrastructure in form of E-library which helped me to a great extent for this project.

Kabir Quraishi

3
 CERTIFICATE

This is to certify that the empirical research titled “Data Protection laws in India to
safeguard Privacy in Social Media- A Facebook Case Study” is prepared by Mr. Kabir
Quraishi of Symbiosis Law School, Pune under my supervision in the partial fulfilment of the
requirement for the award of the degree of L.LM. This empirical research is an independent
and the original work and forr for evaluation.

Date: 08/01/2021

Place: Pune
Prof: Dr. Manika Kamthan
Professor

4
 TABLE OF CONTENTS

SR.NO. PARTICULARS

1 Declration

2 Acknowledgment

3 Certificate

4 Preface

Chapter I - Introduction
5

6 Chapter II – Literature review

7 Chapter III – Theoretical framework

8 Chapter IV - Analysis based on the questionnaire

9 Chapter V - Conclusion

10 References

5
 Preface

In law and principle, for connecting with people and exchanging information the social media
platforms are introduced. In any case, in actuality, the position is unmistakably
differentiating. Along the progression of time the endorsers of social media stages for
example the Facebook have been confronting a ton of protection worries because of their
personal information being utilized by these platforms to get together with their business
procedures giving up the security of the account holders. The account holder is in a bad way
due to the click wrap contract endorsed between the Facebook and the user which will in
general be in the kindness of Facebook, incompletely because of his own obliviousness and
unresponsiveness. So as to uncover the consuming issues of protection issues identified with
clients interests, including the overall obliviousness and disregard pervasive among Indian
clients, the analyst directed an exact overview, based on which, the current examination paper
has been defined.

6
“Data Protection laws in India to safeguard Privacy in Social Media- A Facebook Case
Study”

Background: communicating to people has been evolved after Social media networks came
into the picture. Business cycles and social cooperation’s spin more in the internet. In any
case, as these digital innovations advance, clients become more presented to security dangers.
Administrative structures and lawful instruments as of now deficient with regards to a solid
digital presence are needed, for the assurance of clients.
Objectives: There is need to investigate and assess the degree to which users are presented to
weaknesses and dangers in the light of the current Protection laws and arrangements. Besides,
to explore how the current lawful instruments can be improved to all the more likely secure
clients.
Method: This research assesses and examinations these security challenges from a legalistic
perspective. This research is centered around Indian Facebook account holders. Survey data
assembled from the profile pages of clients at of Facebook was examined. A short study was
additionally gathered information results. Clear insights, including proportions of focal
inclination and proportions of spread, have been utilized to introduce the information.
Likewise, a blend of arranged and graphical depiction information was additionally summed
up in an important manner. Results: The outcomes obviously show that the lawful structures
and laws are as yet advancing and that they are not enough drafted to manage explicit digital
infringement of security.
Conclusion: This article remembers the need to audit lawful instruments for a normal
premise with more extensive discussion with users in an undertaking to build up a powerful
and an enforceable lawful system. A proactive lawful structure would be the ideal
methodology lamentably; law is receptive to digital wrongdoings.

7
 CHAPTER 1
Introduction
1.1. RESEARCH PROBLEM:

According to certain reports, it was suggested that about 40% Indians had internet access in
20181. Besides 45 million active users on internet, there are around 25 million active social
media users in India2. Considering that the data generated everyday is more than 2.5
quintillion bytes. On the social media, the personalised information, photo, videos, status are
updated by the users. Before accessing their services, the user accepts the terms and
conditions of the online agreements/ click wrap contracts. Such contracts are mostly of one
sided nature and favours social networking platforms, after the user uploads his personal
details on such site, it leaves his privacy to get exposed and when such social networking
sites tries to manipulate the user information and even trade it with the commercial viewpoint
to third parties, in turn exploiting the user as a potential buyer and thus, increasing the
possibility of data theft and breaches to privacy.

The survey is conducted in order to understand the opinion of legal professionals

on the relation between privacy rights of users and social media and the urgent need to enact
data protection laws.

1.2. OBJECTIVES
The paper aims to analyze and recognize the privacy issues relevant to the protect the data of
the Facebook users that have been fundamentally embedded in the click wrap contracts or the
agreements that are accepted by the users while signing up to use the services and the sale
such information to the third party is a gross violation of users privacy. Apart from that the
legal framework provided under the Information Technology Act, 2000 and Information
Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or
Information) Rules, 2011 seems to be largely ineffective.

1.2.1 RESEARCH OBJECTIVES

a. To examine the awareness about the contractual obligations among the users while
signing up the click wrap agreement of networking sites like facebook.

1
https://www.iamai.in/media/details/4990
2
https://www.iamai.in/media/details/4990
8
 b. To examine the user perspective in relation to their privacy violation issues of their
personal data posted to the social media platforms.
c. To examine the viewpoints of the legal professionals on click wrap agreements and
privacy concerns related to social media.
d. To examine the issue related to the exploiting of personalised user data by the
networking sites as a result of the click wrap contract agreed upon by the two parties
and the possibility of sustainability of such Contractual right although it violates the
right to privacy.
e. To suggest the immediate need for strict data privacy regulations on personal data
over the social networking platforms.
1.2.2. RESEARCH QUESTION:
a. What are the legal consequences for users while entering into a unilateral
agreement while signing up on facebook?
b. What are the required implications of such contractual obligations?
c. What are the potential legal options to reach a greater degree of privacy and data
monitoring that can be misused?
1.3.METHODS, METHODOLOGY AND TECHNIQUES :

1.3.1. RESEARCH METHODOLOGY:

The present research conducted by the researcher is in the form of a non-doctrinal or

empirical research. Empirical research includes research focused on findings and tests. The
key aspect on which the study is focused is the online questionnaire conducted by the
researcher and the answer to those questions. For this cause, the researcher has extensively
investigated the field of study by concentrating on particular problems and has precisely
prepared the questionnaire for the people having legal expertise and understanding on the
subject matter, given that the subject of this research has a socio legal aspect attached to it.
The findings are being presented after going through several articles and books on the subject
by the researcher.

1.3.2. METHODS:
The Researcher has focused upon the data collection process of the sampling survey. The
relevant data has been obtained by circulating the online questionnaires to the correspondents

9
living in and around the cities of Delhi NCR and Kolkata. For this reason, the Researcher has
abided to the uniform Blue Book (20th edition) method of citation.

1.3.3. TOOLS OF RESEARCH:

i. Survey
ii. Observational study
iii. Discussion
iv. Case study
v. Various research articles
vi. Analysis
vii. Inference

1.3.4. TIME AND PLACE OF DATA COLLECTION:

This empirical research has been carried out by the Researcher in the vicinity of the cities of
Gwalior and Delhi. Further, the data has been gathered by the researcher over a period of
about 7 days.

1.4. SCOPE AND LIMITATIONS

In this research paper, the researcher seeks to illustrate some of the most alarming problems
by the Facebook users as well as the ignorance of the users about their rights, obligations and
available relief. This is achieved by choosing a subject area and undertaking an empirical
research of the actual nature of issues. However such research is limited to the specific field
and deals with only number of problems. Whereas, in the field of social media, people face
numerous challenges, most of which do not come under the limits of this study. There are
also jurisdictional problems related to the settlement of conflicts arising out of a click wrap
deal. This leaves ample space for potential contributors to discuss the specifics of each topic
and undertake a detailed survey at national level.

CHAPTER II

LITERATURE REVIEW

10
To examine the effect of privacy problems on social media, i.e. in the case of Facebook, the
researcher took the help of following relevant literature.

Books on Social Media, Privacy and Internet

a. Nandan Kamath3 the book sheds light on the jurisdiction of cyber piracy on the
internet, domain names and their legal interaction. It also discusses the topics of
cyberspace surveillance, cryptography, encryption, national security and personal data
protection on internet and a viewpoint on the control of converging technology.
b. Laura Scaife4 It focuses primarily on social media and law, its usefulness, history, and
social media operations. Compares social media globally across diverse spectrums and
countries and addresses the legal classification scheme for social networking sites
(SNS). It also focuses on data security and surveillance and the history of data
protection regulation, the evolution of privacy legislations.
c. Pawan Duggal 5
focuses primarily on the laws related to mobile crimes. It addresses
other issues like introduction of mobile crimes, types of mobile crime, relevant
statistics, mobile privacy and the current legal status of mobile crimes across the
World.

Articles on Social media and Internet Privacy

1. Agnieza A. McPeak6 talks about the careful balance between the civil litigation,
Free data access and preventing the overreach. It also emphasise on how the privacy
issues in the social media can be further explored by demarcating the limits of civil
discovery as an element of proportional research.

2. Dr. Shivshankar Singh7 explains about the interconnection and close link between
data security and privacy. The article sheds light on the history of the privacy rights
and its evolution. It further elaborates about the civil and criminal liability along with
data security.

3
Nandan Kamath, Laws relating to Computers Internet & E-commerce (2013).
4
Laura Scaife, Handbook of Social Media and Law (2015).
5
Pawan Duggal, Mobile Crime and Mobile Law (2016).
6
Agnieszka A. McPeak, Social Media, Smartphones, and Proportional Privacy in Civil Discovery, 64 U. Kan.
L.Rev. 235 (2015)
7
Dr. Shivshankar Singh, Data protection and Privacy in india(2012)
11
 3. Stephen E. Henderson8The Article starts with a brief history of social media and then
elaborates upon the principle of privacy of information, followed by a discussion and
application of the governing constitutional law.

CHAPTER III
THEORETICAL FRAMEWORK

A. Introduction to Law and Social media.

Social Media Consumption

Social Networking has become identical to the concept of being able to reach people,
to make new contacts. In order to bring about contact with social media and the law, it
is important to understand the forms of social media used by people on a regular basis
and how the law defines them.

Background to development of social media

During the early years of internet, computer networking was proposed to promote
new modes of computer mediated social contacts. 9 . Efforts to promote social
networks via computer-mediated networking have been made in a range of early web
resources, including Usenet, ARPANET, LISTSERV and bulletin board services.
In the form of generalised online communities such as Theglobe.com(1995),
Geocities(1994) and Tripod.com, early social networking on the World Wide Web
began (1995). Getting people together across chat rooms to communicate with each
other and support users by offering user-friendly resources and free or affordable
online space to exchange personal information was the main focus of such
communities.
In the early 2000s, the next wave of networking sites launched. Makeoutclub was
founded in 2000, followed by Hub Culture and Friendster in 2002.

8
Stephen E. Henderson, Expectations of Privacy in Social Media,31 Miss. C. L. Rev. 227 (2012)
9
Starr roxxanne Hiltz and Murray Turnoff (1978) The Netwrok Nation : Human Communication via Computer,
New York : Addison-Wesley (Revised edition, 1993, Cambridge, MA : MIT Press)
12
 As a Harvard social networking site, Facebook was first launched in 2004. In early
2009, it became the world's biggest social networking site.10

Taxonomy of social networking data : Types of data Processed

Following types of data may be shared via social networking sites11.

Data provided to the social media website in order to create the

Service data user account using name, age, address, email id of the user.

Data that users share on their own website e.g. status

Disclosed data updates, photos, texts, etc.

Data posted on user pages, often identical to the content of

Entrusted data the data disclosed excluding that the user waives a degree
of ownership over the data once it is posted.

Incidental data Data uploaded by the users, e.g. tweets, images, etc.
Which others take and tags the user. The data is neither
controlled nor created by the user.

Data relating to the habits and preferences of the user.

The collection of data by keeping record of his activities
Behavioural data and his contacts.

Derived data User data derived from the other sources.

10
Kazeniac, A. (2009). Social networks: Facebook takes over top spot. Twitter Climbs. URL (last checked
September 2018) http://blog.compete.com/2009/02/09/facebook-myspace-twitter-social-network/
11
Laura Scaife, Handbook of Social Media and Law, 2015 pp.7.
13
 B. Right to privacy
Two of the most contentious “issues related to social media networks and their data
collection practises are how the data is handled and how privacy rights are protected.
The right to freedom of speech and information, as well as the right to privacy and
living with human dignity, may be threatened by social networking sites, which may
protect” unfair practises.

It has been proposed that such attacks are for a number of causes, including:
 lack of regulatory and procedural protections that can lead to the exclusion of
users;
 The option to monitor privacy settings
 Lack of user satisfactory privacy terms and conditions
 Lack of clarity in the compilation and distribution of personal data

Data privacy shall extend to persons and their rights (which may often be qualified)
pertaining to the use and removal of their data in accordance with their identities. In recent
years, these rights have become increasingly necessary, as technology has allowed the
processing, storage and conciliation of vast data pools.

According to Schoeman12, "Privacy" means an individual's demand, entitlement or right to

decide what information about him or her can be transmitted to others; the measure of power
that an individual has over information about himself or herself, the intimacy of his or her
personal identity or who has substantive access to him or her; and the state or circumstance of
restricted access to a person, information about him or her, intimacy of his or her personal
identity; However the above definition does not relate the effect of technology over the
privacy rights. Warren and Brandies in their famous article published in the Harvard Law
Review in 189013 elaborated he necessity to consider the right to privacy in common law was
due to the consequences of modern innovations of the era and the proliferation of business
practises unfamiliar up to that time. It is a topic that echoes the centuries and is still relevant
12
F.D. Schoeman(1984) Philosophical Dimesions of Privacy; An anthology, Cambridge :Cambridge University
Press; F.D. Schoeman(1984) Privacy :Philosophical Dimesions of Literature; Cambridge: Cambridge
University Press.
13
S.D. Warren and L.D. Brandies (1890) ‘The Right of Privacy’, Harvard Law Review,4(5):193-220.
14
today. According to Warren and Brandeis, newspapers invaded privacy in a negative way as
‘gossip is no longer the resource of the idle and the vicious, but has become a trade, which is
pursued with industry as well as effrontery’.14 Provided the growing use of Facebook posts on
day-to-day operations, big public affairs, political controversies, celebrity talks, etc. it can be
seen that, the pace at which content is disseminated on social media relative to print media,
has really improved a little.

Improvement of Right to privacy in India:

The right to privacy is a highly complex concept. In a contemporary society, right has been
identified both in the eye of the law and in general parlance. Article 21 preserves the right to
privacy and maintains an individual's integrity. In addition, the advancement of technology
has contributed to numerous concerns related to privacy rights and data security. Technology
has made it easier to view and transmit personal data. The privacy right means the specific
right of an individual to monitor the collection, use and dissemination of personal
information. Personal data can be in the form of personal interests, behaviour, accounts,
educational and financial records. If such data of an individual is deceptive or is transmitted
to a third party, he might be made liable. A dispute tends to arise between the right to privacy
and the data security. In particular, data security should balance these competing interests
with data. However, data security should be secured in such a way that it would not violate
their privacy rights. The Constitution of India under “Article 19(1)(a) provides the right to
freedom of speech and expression, which implies that a person is free to express his views
about certain things. A person has freedom of life and personal liberty which can be taken
subject to the procedure established by the law as provided under Article 21. The personal
liberty under Article 21 is of the widest amplitude and it covers a variety of rights which
constitute the personal liberty15 , privacy, autonomy, human dignity, human right, limited and
protected communication, etc.”

Right to privacy and Judicial activism:

By reading Articles 19 and 21, it can be deduced that “judicial activism has placed the right
to privacy into the realm of fundamental rights. The right to privacy has been accepted by the
14
S.D. Warren and L.D. Brandies (1890) ‘The Right of Privacy’, Harvard Law Review,4(5) :196.
15
Kharag Singh v. State of U.P., AIR 1963 SC 1295.
15
courts as an essential part of the right to life and personal liberty. In Kharag Singh case 16, the
Supreme Court of India has construed the right to life to mean the right to a dignified life. In
Gobind v. State of M.P.17 Mathew J., while delivering the majority decision, argued that the
right to privacy was itself a fundamental right, but subject to public interest limitations. In its
multiple decisions, privacy as such, interpreted by our Supreme Court, suggests different
things to different individuals. In R.M. Malkani v. State of Maharashtra18 The Supreme Court
observed that,” the court will not tolerate the safeguards for the protection of the citizen to be
imperilled by permitting the police to proceed by unlawful or irregular methods” 19 Telephone
tapping is a violation of privacy and freedom of speech and expression, and the Government
is thus forbidden to place a prior restriction on the dissemination of defamatory information
against its official and, if so, would be contrary to Articles 21 and 19(1)(a) of the
Constitution. In People’s Union for Civil Liberties v. Union of India 20 The Supreme Court
ruled that, without intervention, the freedom to have a phone conversation in the privacy of
one's home or office would clearly be contended as a right to privacy. In this case, the
Supreme Court laid down some rules for carrying out legal interceptions and even set up a
high-level oversight committee to evaluate the relevance of those interceptions. In State of
Maharashtra v. Bharat Shantilal Shah21, The Supreme Court held that, while the recording of
conversation represents a violation of the right to privacy of a person, it may be minimised in
compliance with the protocol validly prescribed by statute.”
In R. Rajagopal v. stae of T.N.22, the Supreme Court ruled that The plaintiffs have the
freedom to write, even without his consent or approval, what they claim to be the life
story/autobiography of the auto Shankar, as much as it appears from the public records.
Although they could be breaching his right to privacy if they go past that and print his life
story. The Constitution exhaustively listed the appropriate grounds for restricting freedom of
speech and expression under Article 19. “In Destruction of Public Property & Private
Properties v. State of A.P.23, The Supreme Court argued that the media should be directed by
the values of impartiality and objectivity in reporting; maintaining neutrality, fair reporting of
crucial issues, in particular crime, aggression, unrest and protest; vigilance in reporting on

16
Kharag Singh case, AIR 1963 SC 1295.
17
Gobind v. State of M.P., (1975) 2 SCC 148.
18
R.M. Malkani v. State of Maharashtra, (1973) 1 SCC 471.
19
R.M. Malkani v. State of Maharashtra, (1973) 1 SCC 471.
20
People’s Union for Civil Liberties v. Union Of India ,(1997) 1 SCC 301
21
State of Maharashtra v. Bharat Shantilal Shah, (2008) 13 SCC 5.
22
R. Rajagopal v. stae of T.N ,(1994) 6 SCC 632.
23
Destruction of Public Property & Private Properties v. State of A.P. (2009) 5 SCC212: (2009) 2 SCC(Cri)
629: (2009) 2 SCC (Civ) 451.
16
women and children and topics linked to national security; and respect for privacy. In
People’s Union for Civil Liberties (PUCL) v. Union Of India 24, The Supreme Court affirmed
that, where there is conflict between the right to privacy of persons and the right to
information of citizens, the former right must be subservient to the latter right, as it reflects a
broader public interest. In Sharda v. Dharmpal25, The Supreme Court ruled that a balance
must be preserved between the interests of the individual and the right to privacy”. At the end
of the day, it takes a balanced and convivial interrelationship between the common interest
and individual liberty.

Justice K.S. Puttaswamy(Retd.) and Anr. v. Union of India and ors 26is a landmark judgement
of the Supreme Court of India, which holds that the right to privacy is protected as a
fundamental constitutional right under Articles 14, 19 and 21 of the Constitution of India.
Much as our fundamental rights have been interpreted in the past to include the right of
education; to livelihoods; to food, water, and shelter; against custodial violence; women's
reproductive rights, among many others, they have now been interpreted as having the right
to privacy. Although constitutional rights are certainly enforceable against a State action, they
can also be applied with regard to private acts. This is what the petitioners are asking in the
ongoing Whatsapp case. Since they contend that Whatsapp's acts infringe their rights to
privacy, they urge the State to safeguard their constitutional right to privacy by enacting data
security regulations. Justices Chandrachud and Kaul's analysis of Internet company profiling
of users is primarily in the light of the proposal of the Data Protection Act, which, in other
words, is a recommendation that the State should uphold the constitutional right of privacy of
users vis-à-vis private companies. It is also doubtful that the legislation will be applied
against private corporations.

The Apex Court has also been criticised for recommending a consent-based privacy system
that might not be viable for new, disruptive use of data. However, with the exception of one
portion of the particular decision of Justice Kaul, it does not appear that the court expressly
endorses the consent-based framework.

It will therefore be beyond the scope of reference for the court to suggest a new form of data
security system. Rather, the court can be seen as proposing the implementation of a system

24
Union for Civil Liberties(PUCL) v. Union Of India , (2003) 4 SCC 399.
25
Sharda v. Dharmpa ,(2003) 4 SCC 493.
26
Justice K.S. Puttaswamy(Retd.) and Anr. v. Union of India and ors (2017) 10 SCC 1: AIR 2017 SC 4161.
17
for data security, the mode of which is left to the administrator. To the point, if there are any
recommendations as to the mode of the data security system, they will not be binding.

However, even though multiple references to the consent in the decision may be taken to
justify a consent-based data security system, we need to determine whether the consent can
be revoked in full. Any suggested replacements of the standard 'I accept' mechanisms, such as
where the data subject restricts access to the information from third parties, are based on
consent. What they're doing is changing the onus of acceptance to be more user-centric.
Going into a true accountability system, where the consumer entrusts the State with the
security of its privacy interests could undermine the autonomy of advanced users. So instead
of giving it our absolute approval, we should instead re-imagine it in a way that encourages
creativity but still retains freedom.

What is Data Privacy?

Data privacy is appropriately defined as the proper use of data. “If businesses and traders use
the data or information given or delegated to them, the data should be used for the purpose
accepted. The need to protect strict privacy of data is more strictly applicable to the collection
of personal data, such as medical records, financial data, criminal records, political records,
business-related information or website data, but at a time when most of the personal
information is widely exchanged and available through large social media channels, the
strictness of privacy of data has become more useful than ever in context of data shared.”

Why is Data Privacy Important?

Along systematised data “digitisation and online contact and transaction forms, users are
obliged to disclose personal information at every stage in order to use vital services. All this
data is stored in vast databases, repositories of the world's personal data, and the user would
never be sure who does or does not have access to these repositories of data. The only
obstacle stands between the user and the disreputable misuse of his/her personal data revealed
is by states, companies or even” crime syndicates, is the dubious world of data privacy
regulation.

As a result of these issues, data privacy regulations have begun to be implemented in

developing nations. Data privacy regulations actually apply, in some way or another, in more

18
than 100 countries around the world. .But with rising online risks such as hacking, malware,
identity theft, e-commerce fraud, cyber-stalking, cyber-bullying, to name just a few, data
protection controls have become a priority concern for the international community

Data Privacy and Social Media

The whole problem of privacy infringement has been re-examined in “the light of the fact
that there are no globally agreed security platforms or conventions or rules, and that privacy
is a relative term that is addressed by the various jurisdictions in their national laws, bearing
in mind the social and economic, progress of the country. Although the whole concept of
social media can seem tantamount to data privacy, social media depends on empowering
users to willingly reveal and exchange personal information and media among diverse groups
of people, it is for this very purpose that the need for data security and privacy is becoming a”
major concern in this area.

In 2012 Facebook Ireland Limited Re-audit report: Data Protection Commissioner outlined
the results of the analysis in the following “areas of concern for data protection; ‘Privacy
policy, Advertising, Access requests retention, Cookies and plug-in, Third party apps,
Disclosure of content to third parties, Facial recognition and tags, Data security, Deletion of
accounts, Friend finders, Posting on other users and groups profile pages, Facebook credits,
Profiles of individual using the site under an alias name, Reporting abusive content and
behaviours, Compliance systems put in place by the site, Site governance.”

The real question is, because Facebook's social networking site is free of charge, should
Facebook be allowed to infringe the rights of any individual? Regardless of the terms &
conditions that the person agreed before signing with Facebook, can the terms and conditions
be described as not consonant with the fundamental principles of privacy set out in Article 21
and thus not enforceable?

Considering that more than 2.5 million bytes of data are accessed every day, the likelihood of
violations of data privacy is greater than ever before and just as important. It is becoming
urgently imperative that the government approach this issue as seriously as the Apex Court
has done and take active statutory measures to protect the privacy of its people.

19
Facebook is the largest social media platform with 2.5 billion active users. More than a
quarter of the world’s 7 billion humans are active on Facebook. Here are some more
intriguing Facebook statistics27:

 1.5 billion Users are involved on Facebook every day.

 Europe has over 307 million users on Facebook.
 Five new Facebook accounts are generated every second.
 More than 300 million images are posted every day.
 510,000 comments are made per minute and 293,000 statuses are updated.

Although, Facebook is the largest social network, Instagram (also operated by Facebook) has
shown remarkable growth. Here’s how this photo-sharing platform contributes to our data
deluge:

• There are 600 million Instagrammers; 400 million online every day;
• Every day 95 million images and videos are posted with Instagram.
• 100 million users use the Instagram Stories functionality every day.

Indian Scenario:
India has around 241 million Facebook users, highest in the world. Facebook is reporting a
total “potential audience” of 241 million active users in India, compared to 240 million in the
US.28

CURRENT LEGISLATIONS IN INDIA FOR PROTECTION OF DATA

The Constitution Of India:

The Constitution “of India does not patently grant the fundamental right to privacy. However,
the courts have read the right to privacy into the other existing fundamental rights, ie,
freedom of speech and expression under Art 19(1)(a) and right to life and personal liberty
under Art 21 of the Constitution of India. However, these Fundamental Rights under the
Constitution of India are subject to reasonable restrictions given under Art 19(2) of the

27
https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do-we-create-every-day-the-mind-
blowing-stats-everyone-should-read/
28
https://www.livemint.com/Consumer/CyEKdaltF64YycZsU72oEK/Indians-largest-audience-country-for-
Facebook-Report.html?utm_source=scroll&utm_medium=referral&utm_campaign=scroll
20
Constitution that may be imposed by the State. Recently, in the landmark case of Justice K S
Puttaswamy (Retd.) & Anr. vs. Union of India and Ors., the constitution bench of the Hon'ble
Supreme Court has held Right to Privacy as a fundamental” right, subject to certain
reasonable restrictions.

Currently, India doesn't have any express enactment administering information security or
protection. Be that as it may, the pertinent laws in India managing information insurance are
the Information Technology Act, 2000 and the (Indian) Contract Act, 1872. India's current
laws on information security are much smaller in extension. The essential rules administering
information protection are the Information Technology Act, 2000 (IT Act) and the
Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Data or Information) Rules, 2011 (Privacy Rules).

Information Technology Act, 2000 arrangements with the issues identifying with installment
of remuneration (Civil) and discipline (Criminal) if there should be an occurrence of
improper exposure and abuse of individual information and infringement of legally binding
terms in regard of individual information.

Information Technology Act, 2000

The Information Technology Act, 2000 (hereinafter referred to as the "IT Act") “is an act to
provide legal recognition for transactions carried out by means of electronic data interchange
and other means of electronic communication, commonly referred to as "electronic
commerce", which involve the use of alternative to paper-based methods of communication
and storage of information to facilitate electronic” filing of documents with the Government
agencies.

According to “section 69 of the IT Act, any person, authorised by the Government or any of
its officer specially authorised by the Government, if satisfied that it is necessary or expedient
so to do in the interest of sovereignty or integrity of India, defence of India, security of the
State, friendly relations with foreign States or public order or for preventing incitement to the
commission of any cognizable offence relating to above or for investigation of any offence,
for reasons to be recorded in writing, by order, can direct any agency of the Government to
intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any
information generated, transmitted, received or stored in any computer resource. The scope of
section 69 of the IT Act includes both interception and monitoring along with decryption for
the purpose of investigation of cyber-crimes. The Government has also notified the
21
Information Technology (Procedures and Safeguards for Interception, Monitoring and
Decryption of Information) Rules, 2011, under the” above said legislation.

“Government has additionally advised the Information Technology (Procedures and

Safeguards for Blocking for Access of Information) Rules, 2011, under segment 69A of the
IT Act, which manages the hindering of sites. The Government has impeded the entrance” of
different sites.

Punishment for damage to Computer systems in the IT Act

Section 43 of the IT Act, imposes a penalty without prescribing any upper limit, doing any of
the following acts:

1. Gets to or ties down admittance to any computer, computer framework or computer

organization;

2. Copies, extract any data or download, computer information base or data from such PC,
PC framework or PC network including data or information held or put away in any
removable stockpiling medium;

3. Acquaints or causes with be presented any PC toxin or PC infection into any PC, PC
framework or PC organization;

4. Harms or causes to be harmed any PC, PC framework or PC organization, information, PC

information base or some other projects living in such PC, PC framework or PC organization;

5. Disturbs or causes interruption of any PC, PC framework or PC organization;

6. Decline or makes the forswearing of access any individual approved to get to any PC, PC
framework or PC network using any and all means; (g) gives any help to any individual to
encourage admittance to a PC, PC framework or PC network in contradiction of the
arrangements of this Act, rules or guidelines made thereunder;

7. Levy the administrations profited of by an individual to the record of someone else by

altering or controlling any PC, PC framework, or PC organization, he will be subject to pay
harms via remuneration to the individual so influenced.

22
8. Demolishes, erases or changes any data living in a PC asset or lessens its worth or utility or
influences it damagingly using any and all means;

9. Take, disguises, pulverizes or changes or makes any individual take, hide, wreck or adjust
any PC source code utilized for a PC asset with an expectation to cause harm.

Altering Computer Source Documents as accommodated under the IT Act, 2000

U/s 65 of the IT Act sets out that whoever purposely or purposefully disguises, devastates, or
adjusts any PC source code utilized for a PC, PC program, PC framework or PC organization,
when the PC source code is needed to be kept or kept up by law for the time being in power,
will be culpable with detainment as long as three years, or with fine which may reach out up
to Rs 2,00,000 (approx. US$3,000), or with both.

Computer related offences

Section 66 gives that if any individual, insincerely or falsely does any demonstration alluded
to in area 43, he will be culpable with detainment for a term which may reach out to three
years or with fine which may stretch out to Rs 5,00,000 (approx. US$ 8,000)) or with both.

Penalty for Breach of Confidentiality and Privacy

U/s “72 of the IT Act accommodates punishment for penetrate of classification and security.
The Section gives that any individual who, in compatibility of any of the forces presented
under the IT Act Rules or Regulations made thereunder, has tied down admittance to any
electronic record, book, register, correspondence, data, report or other material without the
assent of the individual concerned, uncovers such material to some other individual, will be
culpable with detainment for a term which may reach out to two years, or with fine which
may” stretch out to Rs 1,00,000 or with both.

Analysis of Facebook’s Data Policy

Given its set of experiences of ignoring clients “security concerns, Facebook has broken its
Data Use Policy into various parts, in a conspicuous undertaking to make it more understood.
It has in like manner denied enormous quantities of the baffling legal articulations regularly
used in security strategie. Still it is around 8,700 words.”
23
All data that the clients share are recorded by Facebook. (Notwithstanding the way that it
can't by and large confer that information to supports or different pariahs) Likewise it
additionally approach information on “other Facebook clients share about you on Facebook.
At last, it can get to a combination of information from the locales you visit through its
"Like" button — whether or not you're not endorsed into Facebook by then. In all honesty,
you don't should have a Facebook account at all for the casual network to get together
explicit snippets of data.”

Expecting you do have a Facebook account, here is a brisk as-conceivable rundown of the
data Facebook is likely gathering on you:-

1. NAME
2. AGE
3. GENDER
4. EMAIL
5. NETWORKS
6. PHOTOS
7. VIDEOS
8. TAGS AND FACIAL DATA
9. WHICH PROFILE YOU LOOK AT
10. WITH WHOM YOU CHAT ON FACEBOOK MESSENGER
11. RELATIONSHIP STATUS
12. LIKES
13. LIST OF FAVOURITE THINGS
14. POLITICAL AFFILIATION
15. WHICH WEBSITES YOU VISIT
16. ANYTHING YOU PURCHASE FROM FACEBOOK CREDIT
17. BROWSER TYPE
18. OPERATING SYSTEM
19. IP ADDRESS
20. GPS LOCATON
21. USER NAME

24
 22. USER ID

Facebook allows you to make certain information private, or to make “all of your information
public. However, even if you adjust your privacy settings to make everything private, some
information is public, no matter what you do. All public information can be seen by anyone,
even if they do not have a Facebook account” and “anyone” includes other websites, games,
and various Web applications. Always-public information – what Facebook” refers to as your
“basic info” — includes:

1. Name
2. Profile Pictures
3. Cover Pictures
4. Gender
5. Username
6. User ID
7. Comments

Personal information: Facebook permits you to make a large portion of the data you share
private. What "private" signifies is up to you. You can either impart to every one of your
companions, or utilize the "tweak" sharing choice open on every announcement box, which
allows you to share the notice or photograph with specific individuals, however not others.

How Facebook utilizes your information

This segment is effectively quite possibly the main pieces of Facebook's Data Use Policy —
it has "information use" directly in the name! It is additionally effectively the most
befuddling, part of the entire record.

Facebook is, by all measures, a publicizing organization — that is the means by which it
brings in cash. The manner in which it sells promoting is by gathering the entirety of the
previously mentioned data about its clients, at that point utilizing that information to sell
"directed advertisements" — advertisements that you are bound to tap on than advertisements
made for just anybody.

25
 Chapter IV

Analysis based of questionnaire

The accompanying examination depends on the Questionnaire that was circulated and topped
off by attorneys, law understudies, digital law specialists just as experts from non lawful
foundation in particular organization and media transmission engineers, computer
programmers, and showcasing experts.

26
27
28
29
30
31
32
33
Empirical data analysis:-

 Facebook has almost 75 % of legal professionals regular users.

 But just 20 % of clients figure out how to peruse & comprehend the terms and
conditions prior to clicking 'I Agree' consensual click wrap arrangement
 80% “of the professionals opine that such contracts are unilateral contracts and are not
conscionable and gives Facebook unrestricted access to use their data. Also same
percentage of people strongly feel that there should be room for some negotiations
before surrendering their privacy to social media giants instead of their take it or leave
it policy.”
 90% “of the professionals have been targeted by the online Advertisements based
upon their interests, the data of which is available on Facebook. The third party
intrusion has been taken very seriously by the respondents and think it is an intrusion
in their private space thus affecting their right to privacy.”
 Facebook have permission to access “users phone numbers, Facebook Mobile App
having access to call logs and other details. As per the Government norms the mobile
numbers are to be linked with the Aadhar Unique Identification Number. This UID is
linked with the Bank Accounts. When asked to the respondents 85% of the
professionals sensed a threat of their data not being safe. If Facebook has such
personalised data which in turn might be very sensitive data in the domain of certain
transactions. If the Facebook uses such sensitive data and creates a business model by
a involving a third party, it would be a serious issue for financial institutions dealing
with such data as it can be misappropriated at any stage given the weak infrastructural
issues we have in India. If further aggravated it might possibly become a national”
security issue.
 Around “95% of respondent professionals were of the opinion that there should
exclusively be a Data Protection Law in India to look into such matters of data
privacy and security.”

34
 Chapter V

Conclusion

The present world is an information economy world. Today, every specialist organization is
keen on a client not personally but rather, as an information element who is continually
producing, broadcasting and communicating information. Specialist co-ops thus use
information created from clients for different purposes like focusing on them with explicit
messages or promoting, and so forth Information has a multifold reason for profiling clients,
yet in addition for the motivations behind barraging clients with different sorts of
administrations, viewpoints, assessments, content, text which could help them settle on
choice to relating to their current everyday issues.

According to 2017, Indians downloaded 12.1 billion applications. Hence, India as a country
which has necessities to secure its information clients and their own and information
protection. The country needs to return to its current remain on mediator obligation and make
specialist organizations at risk for unapproved admittance to and utilization of outsider
information. The country needs to guarantee that the information of Indians isn't originally
shipped off areas outside India and afterward abused. Information localisation is one
methodology that should be very much analyzed in such manner, not exclusively to ensure
Indian information clients yet in addition to secure Indian digital sway as additionally India's
sovereign interest in the internet. Everyone's eyes are on the public authority to give viable
solution for influenced people, who are preferentially influenced by unapproved information
penetrates.

At the point when one ganders at the current law, one finds that India doesn't have a
committed legitimate structure to administer information through online media sites or
portable applications.

Since Facebook likewise has Mobile App. It is right that mobiles are brought under the ambit
of the term 'specialized gadget' under the Information Technology Act, 2000. Anyway the
whole perspective relating to managing the undertakings of versatile application specialist
organizations have not been characterized or sufficiently managed under the Indian digital
laws. It is right that portable application specialist co-ops are middle people under the
Information Technology Act, 2000 and subsequently, all go-betweens are commanded to
35
practice due tirelessness while they release their commitments under the law.
Notwithstanding, the particular boundaries of due ingenuity for versatile applications
specialist co-ops have not been explicitly characterized under the Indian Information
Technology Act, 2000.

There are no sufficient legitimate arrangements to control exercises of mobiles or site

application specialist organizations. This whole scene should be a reminder for India to
ensure the purchasers of portable application specialist organizations, given the way that
India doesn't have a devoted law on protection in such manner.

Ordinarily, any and each portable application will get to the information that is on a client's
gadget. This could incorporate either the media, sound, or some other data accessible on one's
telephone. It truly depends from application to application concerning what is the particular
spotlight on the information that they need to accomplish and what are the purposes behind
which they are looking for explicit authorizations from users.While the versatile Apps have
expanded our comfort, profitability and flexibility of specialized gadgets yet simultaneously
there is countless legitimate issues encompassing Mobile Apps.

The particular greatest significant legitimate issue in todays setting is that of Privacy.
Individuals have inborn assumption for security at whatever point they chat on telephone or
peruse sites. For the most part clients know about the sovereign privileges of interference of
information, observing and impeding that any sovereign government my activity. A real
genuine lay client of portable specialized gadget or one perusing online media webpage has
constantly little assumption for protection to being undermined.

Considering the above conversations and examinations of exact information on subjects

going from authoritative liabilities to security of the clients in the realm of online media,
clients legitimate mindfulness, shopper conduct, information moving by the web-based media
goliaths, obliviousness and indifference of clients, administrative lacunae, deficient laws, and
the casual idea of the Indian web-based media market.

Scope of Further Research:

36
Jurisdictional issues and consistence by the unfamiliar elements to the information of Indian
Citizens should be tended to soon. The workers are situated external India for a large portion
of the web-based media sites. There pressing requirement for administrative intercession into
this virtual world which will in general influence our everyday exercises.

37
 REFERENCES
BIBLIOGRAPHY
Books Referred:
 Nandan Kamath, Laws relating to Computers Internet & E-commerce (2013)
 Laura Scaife, Handbook of Social Media and Law (2015)
 Pawan Duggal, Mobile Crime and Mobile Law (2016)

Articles Referred:
 Agnieszka A. McPeak, Social Media, Smartphones, and Proportional Privacy in Civil
Discovery, 64 U. Kan. L.Rev. 235 (2015)
 Dr. Shivshankar Singh, Data protection and Privacy in india(2012)
 Stephen E. Henderson, Expectations of Privacy in Social Media,31 Miss. C. L. Rev.
227 (2012)
 Office of Information Commissioner, Queesnland, Guidelinse Information Policy Act
2009 Privacy and Mobile Apps
 Adam Berth, Design and Analysis of Privacy Policies (2008)
 Annicka Gunnarsson Siri Ekberg,Invasion of Privacy: spam- one result of bad privacy
protection (2003)
 Sascha van Schendel, The role of Privacy by design in big Data Analytics(2016)
 Neeraj Grover, Right of Privacy in digital Age: Evolving Privacy Laws and their
Applicabilty to social media(2011)

Newspapers Referred:
 The Indian Express
 The Business Line
 The Mint
 The Financial Express
 The Times of India
 The Chicago Tribune

38
 WEBLIOGRAPHY

1. www.jstor.org
2. www.scconline.com
3. www.supremecourtofindia.nic.in
4. www.epaper.timesofindia.com
5. www.thehindu.com
6. www.hindustantimes.com
7. www.facebook.com
8. https://www.facebook.com/policy.php

9. https://inc42.com/buzz/google-facebook-whatsapp-data-privacy/
10. https://business-law-review.law.miami.edu/social-media-privacy/
11. www.huffingtonpost.com
12. http://economictimes.indiatimes.com

39