CERTIFICATE FROM THE SUPERVISOR

I certify that the project entitled

…………………………………………………………………………………
…………………………………………………………………………………
submitted for the Practical Paper Elective-I by
…………………………………is the record work carried out by him/her
during the period 2023-2024 under my guidance and supervision, and that this
work has not formed for the basis of the award of any degree or diploma in this
university or any other university or institution of higher learning.

DATE SUPERVISOR

( Dr.R.SRINIVASAN )
 DECLARATION

I declare that the project entitled

………………………………………………………………………………………
……………………………………………………………………………………….
submitted by me for the Practical Paper Elective - I is the record of work carried out
by me during the period from 2023-2024 under the guidance of Prof. Dr. Srinivasan
has not formed the basis for the award of any degree or diploma in this university or
any other university or similar institution of higher learning.

DATE SIGNATURE
INTRODUCTION:

The often used word privacy is a fundamental facet of personal liberty and one of
the most valued aspects for human beings. Privacy, in its foundational
understanding, denotes freedom from incursion and has long been seen as an
inalienable natural right of humanity. The inception of the right to privacy stems
back to the 1890s, when influential thinkers like Samuel D. Warren and Louis
Brandeis proposed that the “right to privacy” ought to be incorporated into the
horizon of right to life.
The acknowledgement of the “right to privacy” as a fundamental right in India took
time and was subject to judicial scrutiny from the inception of the Indian
Constitution. Initially, in Kharak Singh v. State of U.P., Justice Subba Rao's minority
opinion deemed the right to privacy as "an essential ingredient of personal liberty."
However, at that point, it was not officially recognised as a “fundamental right,” and
its status remained uncertain.

Nevertheless, a nine-judge Supreme Court panel in the case of Justice K.S.

Puttaswamy v. Union of India in 2017 restated the recognition of the right to privacy
as a fundamental right under Article 21 of the Constitution of India. They went on
to emphasize that the right to privacy was not only intricately linked to the liberties
safeguarded by diverse fundamental rights but also represented an intrinsic aspect of
dignity, autonomy, and liberty. In the global arena, the right to privacy is likewise
seen as a critical and fundamental human right and is bolstered by an effective
foundation. Article 12 of the Universal Declaration of Human Rights, 1948
(UDHR) and Article 17 of the International Covenant on Civil and Political Rights,
1966 (ICCPR) are two influential and authoritative international treaties that ensure

1|Page
and protect individuals from "arbitrary interference" in their private matters and
personal lives.

The significance of the “right to privacy” has heightened in contemporary

times, owing mostly to the growing influence of social media and the internet in
today's digital landscape. A substantial amount of concern and fear has been voiced
in recent times around the enormous amount of private information stored in
computer files. The “right to privacy” “pertains to an individual's right to regulate
the collection, utilisation, and dissemination of their private information.” Social
media has evolved into a potent instrument that facilitates individuals in connecting,
collaborating, and sharing ideas and information globally. It has garnered
widespread popularity worldwide, connecting millions of individuals through the
digital medium. Advancing technology allows people to store their personal data in
digital spaces, but the growing misuse of technology by nefarious elements has
raised concerns about the privacy of individuals' data. Social media networks extract
private information on individual actions, hobbies, personality traits, perspectives on
politics, and internet patterns, and misuse of such private information poses a grave
threat to the “right to privacy” of individuals as enshrined in the Indian Constitution.

SOCIAL MEDIA AND RIGHT TO PRIVACY: HOW TO STRIKE

A BALANCE?

“Privacy is not an option, and it shouldn't be the price we accept for just getting
on the Internet.”
- Gary Kovacs

The internet has permeated every facet of existence, with modern technology
skillfully weaving it all together. People establish connections with others and

2|Page
employ social media as a medium for communication. Furthermore, digital space
functions as a platform for engaging in business transactions, procuring goods and
services, accessing new information, and streamlining ordinary operations such as
banking. With every internet transaction, the user unknowingly leaves electronic
tracks that contain powerful means of information that provide knowledge about the
user and their interests. In such an information age, which has been purported as “an
era of ubiquitous dataveillance, or the systematic monitoring of citizen’s
communications or actions through the use of information technology”, there exists
a greater threat to the right to privacy of people as underscored in the Justice K.S.
Puttaswamy v. Union of India.

The consideration of incorporating the “right to privacy” into the Indian

Constitution has been a subject of judicial scrutiny since its establishment, as it was
never explicitly stated. The matter of recognising the “right to privacy” under Part
III of the Constitution was raised during the M.P. Sharma v. Satish Chandra case,
wherein the court decided not to make that determination. In the Kharak Singh v.
State of U.P., although privacy was acknowledged, it was not yet deemed as an
essential right, however, in PUCL vs Union of India, the court affirmed citizens'
private interests and implemented legal safeguards to protect people's right to
privacy against telephone tapping.

The landmark decision in Justice K.S. Puttaswamy v. Union of India, which revolved
around Aadhaar, a government initiative providing a unique identification to Indian
residents, confirmed the “right to privacy as a fundamental right” under Article 21.
Article 21 safeguards the "Right to life and personal liberty" as part III of the Indian
Constitution.

3|Page
In the digital age of today, the “right to privacy” is significantly jeopardised by the
growing dependence of individuals on the internet, particularly on social media
platforms and such potential risk to private data becomes pronounced as individuals
interact with technology. The watershed ruling of the nine-judge bench underscored
concerns about the potential loss of privacy for individuals, cautioning against both
state and non-state entities. This heightened risk arises from the increased interaction
of individuals with technology, which has the capability to gather, archive, and mine
information for the purpose of profiling individuals. On the one hand, social media
portals give an effective platform for freely expressing oneself to an extensive
demographic; however, on the other hand, they risk exposing the crucial confidential
personal information of consumers.

The utilisation of "electronic tracks" by various social networking platforms to

gather data from users for personalisation or targeted adverts poses an enormous
threat to individual privacy. Moreover, extensive broadcasting of personal
information on social media outlets is intrinsically injurious to individual privacy.
Platforms like Facebook have frequently been embroiled in controversies regarding
privacy and user security. Even during its nascent years, it was observed that
Facebook’s algorithm was saving the incomplete posts and comments of the user
even before it could be posted as “metadata.” These concerns regarding user data
were substantiated, particularly after the notable data privacy breach incident in the
'Cambridge Analytica Scandal,' in 2018, where the data and records of millions of
people were harvested from Facebook by the data-harvesting enterprise Cambridge
Analytica leading to infringement of “right to privacy” of the users.

Concerns over possible invasions of people' “right to privacy” have been prompted
by recent privacy policy amendments made by X (formerly Twitter), which permit
4|Page
the collection of users' biometric data. In a similar vein, the Supreme Court of India
is currently reviewing the privacy regulations that WhatsApp notified in 2016 and
in 2021 after its takeover by Facebook in the case of Karmanya Singh Sareen & Anr.
v. Union of India & Ors. The lawsuit seeks to uphold Indian residents' data and “right
to privacy.” According to WhatsApp's 2016 privacy policy, any consumer data
published with the app will also be transmitted to Facebook, the parent organisation.
The amended policy in 2021 stipulated that consumers would be unable to opt out
of transferring data with Facebook if they intended to keep using the app;
otherwise, their profile would be terminated. The present situation constitutes an
imminent risk to the citizens' “right to privacy.”

Another cause of concern regarding privacy is the long-term preservation of

information on social networking services. For instance, Facebook's terms of use
render it the liberty to archive private data indefinitely, establishing an irreversible
extent of control over personally identifiable information. Consequently, even when
a user wishes to cease using the social network, the data they provide remains beyond
their control. Even the social media apps that are no longer operational in India, such
as Tik-Tok can reportedly still continue to access data of Indian users from the app
and are able to mine updated data and information of the individuals using the
previously existing data which was stored on the app even after the app has been
banned in India since 2020. This presents an enormous threat to the privacy of
users’ data, which nevertheless remains readily obtainable in the contemporary
digital landscape and can be exploited by networking software to mine and
profile updated information that relies on existing data. If unauthorised parties were
to obtain such sensitive data, the implications may be catastrophic
while jeopardising people's safety and causing a grave infringement on their right to
privacy as guaranteed by Article 21 of the Indian Constitution.
5|Page
LEGISLATIVE FRAMEWORK ON THE RIGHT TO PRIVACY:

In light of escalating apprehensions over the privacy of individuals' data on social

media, there arose a necessity for a resilient and all-encompassing legal framework
to govern the data protection landscape and uphold the privacy rights established
under Article 21.To protect people' data and privacy, the Indian Parliament adopted
the highly anticipated 'Digital Personal Data Protection Act '("DPDPA") in August
2023 which represents a significant achievement as India's inaugural comprehensive
legislation for data protection.

Prior to the current legislation, data privacy was partially protected under
the Information Technology Act of 2000 and the Information Technology
(Reasonable security practises and procedures and sensitive personal data or
information) [SPDI] Rules of 2011, but these statutory provisions were deemed
insufficient to adequately safeguard citizens' right to privacy.

The 'Digital Personal Data Protection Act 2023' outlines a structure for addressing
digital personal data which preserves citizens' right to privacy while also embracing
that the handling of such data is crucial for legitimate objectives, such as associated
or incidental issues. The Act strongly entrusts data principals with control over their
personal data, forbidding the storage and use of their data without express
authorization—with the exception of some admissible situations in which an
innovative concept known as "deemed consent" is incorporated. It also grants
individuals the right to seek redress for grievances and the authority to designate
individuals who will receive their data. It also gives individuals the right to seek
redress for grievances and the authority to decide who will obtain their data. In
addition, the Act incorporates the "right to erasure," enabling users the ability to ask

6|Page
for an erasure of their personal information, offering them greater control over their
online identity while also outlining commitments to entities identified as "data
fiduciaries," which are in charge of gathering, archiving, and utilising digital
personal data.

It also gives individuals the right to seek redressal for grievances and the authority
to decide who will obtain their data. Moreover, the legislation incorporates the "right
to erasure," granting users the capability to request the deletion of their personal
information which enhances individuals' authority over their online identity. It is
pertinent to note, however, that the Act does not explicitly incorporate the "right to
be forgotten" as a separate provision, despite its acknowledgment as a crucial
element within Article 21 under the aegis of the "Right to Privacy." The Act further
highlights its commitment to responsible data management by outlining the
responsibilities of organisations designated as "data fiduciaries," which are in charge
of gathering, storing, and utilising digital personal data.

Therefore, by promoting transparency, fairness, and autonomy over personal data,

the ‘Digital Personal Data Protection Act 2023’ fortifies the “right to
privacy” guaranteed by Article 21 of the Indian Constitution

INVASION OF PRIVACY IN CYBER WORLD:

Due to the excessive dependence on the computer, as a tool for information sharing
and retention of data and the use of the internet as a medium for data transfer, various
invaders who indulge in the act of stealing the information, as shared through online
by the user, either by use of malicious spyware, or by various computer bugs, or the

7|Page
data as collected from the website which is stored in the cookies folder of the
computer.

Also the information that the user shares in the social networking profile i.e.
Linkedin, Twitter, Facebook, Instagram, etc. are very prone to be accessed by any
intruder and are easily manipulated and misused causing privacy intrusion issues to
the concerned social media user. Threats also like email attachment containing
malware that discloses personal information of the recipient of the mail to the sender
or any intruder. Children, who use the internet, are also easy prey of the intruders
because all the information fed by a child can be easily tracked by cybercriminals.
Wikipedia says that there are around 400 million users of the social media websites
and almost all of the users, use the application for the purpose of chatting, uploading,
photographs, and feeding vital personal information in their databases. Cybercrimes
which is committed by the use of the internet, whereby computer is used as a tool or
target and is the most advanced form of privacy intrusion.

Now a day's companies are hiring third parties to collect information about the
peoples who are using the internet and social sites, to pile up their data records, about
such peoples and their vital information, so that they can use the same for
advertisement purpose or for selling it to some other companies. The protection of
privacy and data of the peoples using the internet is the major issue nowadays, many
countries have passed many laws to protect the privacy of their people.

In the U.S, in order to protect the interest of the children and their privacy who use
the internet, the Federal Trade Commission has enacted The children Internet
Protection Act 2000.

8|Page
LACK OF SPECIAL LAW ON PRIVACY IN INDIA:

Since a long period of time, India do not have a special law dealing with cyber crimes
and cyber privacy issues, jurisdiction issues, and intellectual property rights issues,
and a number of other issues. Perhaps it was the only n the year 2000; The India
Legislature enacted the Information Technology Act, 2000 to deal with cyber crimes
and cybercriminals. IT Act lays down penalty and punishment provisions for
violation of certain laws which amounts as an offense.

The act was later on amended again in the year 2008 and knows as the Information
Technology Amendment Act 2008. The Act contains a number of provisions which
protects the privacy of a person from online intrusion and exploitation. It provides
both fine and punishment by imprisonment in case of hacking (Section 43, 66), three
years imprisonment for violation of privacy(section 66E), identity theft(Section-66
C) and cheating by personation (Section 66 D), offensive email (Section 66A).

Section 72A of the IT Act penalizes the unauthorized disclosure of personal

information by any person who has obtained such information under a lawful
contract and without consent of the person from whom such information belonged
or taken. Apart from this the IT Act also provides provision for data safety.

Section 43A of the Information Technology Amendment Act 2008, lays down that
all corporate bodies and intermediaries who possess, handle or collect any sensitive
personal data shall maintain reasonable security practices and in case of failure they
shall be liable to the person who is aggrieved by such misuse of data.
The government has notified the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

9|Page
The Rules only deals with protection of Sensitive personal data or information of a
person, which includes such personal information which consists of information
relating to:
❖ Passwords;
❖ Financial information such as bank account or credit card or debit card or
other payment instrument details;
❖ Physical, physiological and mental health condition;
❖ Sexual orientation;
❖ Medical records and history;
❖ Biometric information.

The rules provide reasonable security practices and procedures, which the body
corporate or any person who on behalf of the body corporate collects, receive,
possess, store, deals or handle information is required to follow while dealing with
Personal sensitive data or information. In case of any breach, the body corporate or
any other person acting on behalf of the body corporate, the body corporate may be
held liable to pay damages to the person so affected.

PARLIAMENTARY REPORT ON CYBER SECURITY & RIGHT

TO PRIVACY:

The Parliamentary Standing Committee on Information Technology in its 52nd

Report on Cyber Security and Right to Privacy said that a significant increase in
cyberspace activities and access to internet use in India coupled with lack of user
end discipline, inadequate protection of computer systems, and the possibility of
anonymous use of ICT allowing users to impersonate and cover their trends of crime
has emboldened more number of users experimenting with ICT abuse for criminal

10 | P a g e
activities. The Committee is of the opinion that this aspect has a significant impact
in blunting the deterrence effect created by the legal framework in the form of the
Information Technology Act, 2000, and allied laws.
The Committee has listed several offenses which fall under the purview of cyber-
crimes and the remedies available within the existing legal framework.
Cyberstalking or stealthily following a person and tracking his internet chats is
punishable under Sec 43 and 66 of the IT Act, 2000 while video voyeurism and
violation of privacy is a crime under Section 66E of the IT Act with a punishment
of three years with fine. The Department of 82 Electronics and Information
Technology (DeiTY) during the course of evidence submitted to the Committee that
with regard to the data pertaining to privacy related cases booked under Sec 72(A)
of the IT Act the number of cases registered have risen from 15 in 2010 to 46 in
2012 while the number of persons arrested were 22 in 2012.

The Committee members were of the opinion that considering the nature of
cyberspace which is borderless, balancing cybersecurity, cyber-crime and the right
to privacy is an extremely complex task. The members were also unhappy of the fact
the government is yet to institute a legal framework on privacy. It urged upon the
Department of Electronics and Information Technology (DeiTY) in coordination
with the Department of Personnel and Training and multi-disciplinary
professionals/experts to come out with a comprehensive and people-friendly policy
for the protection of the privacy of its citizens[4].

PERSONAL DATA PROTECTION BILL 2019:

The Government of India, therefore, constituted a committee to propose a draft

statue on data protection. The committee proposed draft law and the govt. of India

11 | P a g e
has issued the Personal Data protection Bill 2019 (PDP) Bill based on the draft
proposed by the committee. This will be India first law on the protection of data and
it will repeal section-43A of the IT Act.

The PDP Bill, proposes a broader reach. It will not only apply to persons in India
but also to persons outside India in relation to business carried out in India. The PDP
Bill, proposes to apply both on manual and electronic records. The PDP bill proposes
creating a Data Protection Authority in India. The Authority will be responsible for
protecting the interest of data principals, preventing misuse of personal data and
ensuring compliance within the new law.

The PDP Bill proposes to protect Personal Data relating to the identity,
characteristics trait, attribute of a natural person and Sensitive Personal Data such as
financial data, health data, official identifier, sex life, sexual orientation, biometric
data, genetic data, transgender status, intersex status, caste or tribe, religious or
political beliefs. Pursuant to the PDPB being enacted into an Act, there are several
compliances to be followed by organizations processing personal data in order to
ensure the protection of privacy of individuals relating to their Personal Data.
Consent of the individual would be required for the processing of personal data.

Based on the type of personal data being processed, organizations will have to
review and update data protection policies, codes to ensure these are consistent with
the revised principles such as update their internal breach notification procedures,
implement appropriate technical and organizational measures to prevent misuse of
data, Data Protection Officer to be appointed by the Significant Data Fiduciary, and
instituting grievance redressal mechanisms to address complaints by individuals.

12 | P a g e
In a Landmark Judgement delivered on August 23rd 2017, Justice K.S Puttaswamy
(Retd.) Versus Union of India (Case NO- WP (C) 494/2012 ), the Hon'ble Supreme
Court through its 9 Judge Bench held that the fundamental right to privacy is
guaranteed under the Constitution of India.

The Court stated that every person should have the right to control the commercial
use of his or her identity and that the right of an individual to exclusively use and
commercially exploit their identity and personal information, to control the
information that is available about them on the internet and to disseminate certain
personal information for limited purposes only which emanate from this right. This
is for the first time Supreme Court has expressly recognized the right of an individual
over his personal data.

13 | P a g e
CONCLUSION:

As a cornerstone of individual freedom, privacy is a concept that is extremely

essential for humanity. The right to privacy is rooted in human nature's unalienable
rights and has historical relevance. In India, the acknowledgment of the right to
privacy went through a transforming journey before being affirmed as a fundamental
right by a nine-judge Supreme Court bench in the \Justice K.S. Puttaswamy v. Union
of India case.”

In the contemporary era, dominated by the pervasive influence of social media and
the internet, has elevated the significance of privacy. Concerns have arisen due to
the extensive storage of private information and the potential misuse of technology,
particularly by malevolent actors. While social media creates a platform for global
exchange and cooperation, it also exposes to individual privacy due to the extraction
and utilisation of personal information.

The ever-evolving digital landscape necessitates a careful balance between privacy

protection and technological progress and The ‘Digital Personal Data Protection Act
2023’ represents a significant step towards maintaining this balance and preserving
the essence of personal liberty in the ever-expanding digital landscape.

14 | P a g e
REFERENCE:

https://www.legalserviceindia.com/legal/article-3763-a-study-of-indian-
law-on-protection-of-right-to-privacy-in-the-cyber-world.html

https://www.tscld.com/right-to-privacy-social-media

https://www.aimspress.com/article/doi/10.3934/mbe.2020286?viewType
=HTML

https://www.researchgate.net/publication/277928128_Modern_technolo
gy_and_challenges_to_protection_of_the_right_to_privacy

https://articles.manupatra.com/article-details/Right-to-Privacy-in-
Digital-Age

15 | P a g e
16 | P a g e