[This is a post by Raksha Tripathy, Columnist]
“People like to express themselves, and are curious about other people.” -John Cassidy
Introduction
Justice Louis Brandeis of the United States Supreme Court gave one of the earliest meanings of privacy as an individual’s “right to be left alone.” The Black Law Dictionary defines ‘Right to Privacy’ as, “The right to be left alone without intrusion or interference by the government into personal affairs.”
Article 12 of the Universal Declaration of Human Rights (UDHR), 1948 enunciated privacy right as,
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
India is a signatory to UDHR which mandates our country to take steps in enacting laws to grant this right to privacy and ensure the protection of its citizens.
The social networking sites (SNS) have become an essential part of our lives which is evident by the number of users who are a part of it. It has provided a platform to enhance skills, knowledge and is creating tools for one’s interest. The freedom to post personal information without rational judgement has paved the way for online predators to access the information maliciously. Along with such freedom brings privacy concerns.
Right to Privacy as a Fundamental Right
The question of privacy as a right was presented before the Court in MP Sharma v Satish Chandra back in 1954 where the power of search and seizure was held not to be one’s privacy violation, and the bench held that Right to Privacy is not a fundamental right. In the case of Kharak Singh, the validity of Right to Privacy as a fundamental right was raised which was dismissed by the majority of judges saying, “Our Constitution does not in terms confer any like constitutional guarantee.” However, one of the judges, Justice Subba Rao in his dissenting opinion said that,
“…Further, the right to personal liberty takes in not only a right to be free from restrictions placed on his movements but also free from encroachments on his private life. It is true our Constitution does not expressly declare a right to privacy as a Fundamental Right, but the said right is an essential ingredient of personal liberty. Every democratic country sanctifies domestic life…”
The Right to Privacy was a debatable topic in India. However, it was in K.S Puttaswamy v Union of India where it was considered as a fundamental right under Article 21 of the Indian Constitution as an integral part of “personal liberty” enshrined under Part III of the Constitution. In 2017, the nine-judge bench of the Supreme Court gave this landmark judgment despite strong encountering arguments which stated that only a minuscule portion of the population is affected by the right to privacy; and it is an elitist construct. The opposition also contended that ‘Right to Privacy’ is a common law right but not a fundamental right and constitutional debates rejected privacy as a fundamental right.
Social Media and Privacy Breach
An SNS profile acts like an individual’s online personality or digital personality. It can create and bring content similar to a person’s interest and personal life. It also displays recommendation of events, contents, discussions based on the personal information which is quite vulnerable to a privacy breach. The Facebook data leak which affected 50 million users in which information like phone numbers, emails, and other details was compromised. These stolen data can be used as phishing mails to know an individual’s preferences, text messages or calls can be used maliciously along with other information. India was recorded as the second most affected country due to cyber-attacks which made Indian companies at a high risk of cyber-attacks to opt for cyber insurance policies.
The data leak of February 2019, where Aadhar details of over 6.7 million users containing sensitive data like addresses, numbers, etc were leaked on Indane’s website. The JustDial data breach affected 100 million users, and the personal information of these users was uploaded on unprotected servers which included names, numbers and addresses. It did not only affect those using the JustDial app but even those who called the helpline of the company between 2015-2019. Another data leak of Facebook and Twitter users in November 2019 where emails ID, username and tweets were leaked by malicious apps and was confirmed by India’s cybersecurity watchdog, CERT-In.
Indians are at a higher risk of a data breach as they comprise of more active users on social media platforms and tend to give away personal information easily as compared to other users in the markets. The careless approach, lax rules and regulations for app developers have added more to the violation of this right. “App permissions and the way app developers and owners seek permissions from users before the latter download apps vary with locations,” said Sivarama Krishnan, cybersecurity leader, India, at PwC.
“Privacy regulations in Europe, Singapore and other markets compel app owners to seek explicit and more specific approvals from users who can be more discerning while in India they take a blanket approval. Because of this, the risks could be higher in India,” he said.
The Cambridge Analytica data breach controversy questions about how much data does Facebook and other social media platforms have because, unlike other countries where companies like Cambridge Analytica need a proper framework of collecting data. There is no such thing in India where over 90% of messages, photographs, and other updates are in the public domain making the users of India an easy target of data and privacy breach. The permission of expressly giving the contacts on the phone and other related information of the user is something we need to look into.
In a Special Leave Petition 804/2017, where two students challenged WhatsApp’s new privacy policy famously known as, “Whatsapp Case.” It happened post-WhatsApp was acquired by Facebook in February 2014. The students claimed Whatsapp divulges data of the users to Facebook, which violates Right to Privacy. Following the Cambridge Analytica fiasco, the CEO of Facebook Mark Zuckerberg back in April 2018 admitted that the company had not done enough to protect the privacy of 2.2 billion users’ data and is committed to safeguarding users’ data. However, data leaks continued in the following years, which was not just limited to Facebook, but other social media platforms such as Twitter.
The huge controversy broke out when the Government introduced the Aadhar Scheme in which biometric and demographic data of the cardholders were collected and compiled for benefits like the Public Distribution System, Jan Dhan, etc. and later made Aadhaar cards mandatory for the public and private purposes. The Court dismissed this case on the grounds that minimal data was collected in the enrolment process. However, such data collection is at risk of leak and malicious use as the technological advancement in the country is not up to a certain mark where it can protect the data so compiled from hackers and others. This can be easily observed in the SBI data leak, the largest bank of India which had secured information of millions of its customers on an unprotected server without a password which compromised information like bank balances, recent transactions, etc. of the customers.
Conclusion
The Information Technology Act, 2000 has provisions such as Section 43, 66, 66F and 67, which protect user’s privacy. However, the absence of a data protection law to seek legal protection of such breach makes the matter worse in a country like India, which has the highest number of Android users in the global markets. If a data breach happens in India, it indeed amounts to the violation of Right to privacy enshrined in Article 21 of the Indian Constitution. The Indian users of such social media platforms do not have any legal recourse in case of data and privacy breach, whereas in other markets, such companies are susceptible to fines. Since it is an enormous liability of companies to afford fines which can go up to their annual turnover, and they take the security of such users in other markets more seriously than in India. The citizens themselves consider privacy as an elitist concept and pay the least attention to it.
We have a long way to go in terms of holding this right as a supreme right like other fundamental rights. The K.S Puttaswamy v Union of India has already left a footprint in other judgments such as the constitutionality of the Aadhar scheme and will be seen in future for the creation of data protection and prevention of data breach laws.