With this age of Social Media where everyone wants to show the world what is going on with their lives and is equally interested in others, information sharing has not turned out to be a protected business at all. The concept of cybercrimes emerged in the 1990s and the increasing penetration of social media worldwide has resulted in widening the ambit of the term since then. These social media networking platforms provide criminals with a fertile ground for engaging in illegal activities and have time and again been under the gavel for privacy due to their feature of data sharing across platforms and advertisement algorithms which is done by using our personal details viz., websites visited, search keywords, information being shared through the profile, online transaction, cookies collected and browser history. Twitter had accepted in the past to have scanned phone contacts of users so as to have more user information. Facebook has been under the radar in the Whatsapp-Facebook Privacy case, Karmanya Singh Sareen And Anr vs Union Of India And Ors[1], wherein the privacy policy of Whatsapp which permits it to share the user data with Facebook and all its group companies for the purposes of commercial advertising and marketing has been challenged as being against privacy. It is pertinent to mention that though these platforms have introduced new features namely, blocking, protect profile, reporting, limiting viewers; the challenge to privacy still remains.
The National Crime Record Bureau released crime-related statistics of 2017 on October 22, 2019, and sadly the figures pointed towards doubled cybercrime rates in 2017. As per the report, during 2017, 56% of cyber-crime cases registered were for the motive of fraud (12,213 out of 21,796 cases) followed by sexual exploitation with 6.7% (1,460 cases) and causing disrepute with 4.6% (1,002 cases). Amongst these, a total number of 245 cases related to violation of privacy in cyberspace under the Information Technology Act, 2000 were registered in 2017, with Assam being on the top with 60.
The figures thus make it extremely necessary to know one’s right to privacy especially in relation to this virtual world. Through this article, we would be giving an overview of the constitutional right to privacy under Article 21 and enactments present in India in relation to social media privacy laws. Additionally, certain government initiatives related to cybercrime reporting and awareness are also discussed.
Constitutional Right to Privacy under Article 21
Black’s Law defines privacy as, “right to be let alone; the right of a person to be free from unwarranted publicity; and the right to live without unwarranted interference by the public in matters with which the public is not necessarily concerned.”
Article 21, Constitution of India – Right to Life and Personal Liberty, reads as:
“No person shall be deprived of his life or personal liberty except according to a procedure established by law.”
This right has been termed as being the procedural Magna Carta protective of life and liberty and as being the most organic and progressive provision. Article 21 has seen a lot of judicial activism and the interpretation of the term ‘life’ has progressed from being interpreted narrowly to widely. The Right to Life does not represent mere animal existence but imparts a much wider meaning to include the minimum and basic requirements which are essential and unavoidable, viz., right to human dignity, livelihood, health, water, pollution-free air. It thereby intends to include all those aspects of life, which go to make a man’s life meaningful, complete, and worth living.
Right to Privacy: A Fundamental Right – Justice K.S. Puttaswamy vs. Union of India
In India, the controversy concerning the status of the right to privacy as a fundamental right can be traced back to the constituent assembly debate of 1942 where Mr. Kazi Syed Karimuddin moved an amendment to protect individuals from unreasonable search-and-seizures, on the lines of the American and Irish Constitution. Though the amendment was accepted, the right to privacy did not find an explicit place in the constitution. Thereafter, in the year 1954 in the case of M. P. Sharma And Others vs Satish Chandra, District Magistrate, Delhi & Others.[2] It was decided where the Supreme Court found no justification to import the concept of a fundamental right to right to privacy in search and seizures. In 1962, in the case of Kharak Singh vs The State Of U. P. & Others[3], it was held that the right to privacy is not a guaranteed constitutional right but is a repository of residuary personal rights. However, later with Maneka Gandhi and R.C. Cooper, the approach changed and freedom and liberty were held to be null and void without the right to privacy.
Finally, in August 2017, a nine-judge bench of the Supreme Court of India in Justice K.S.Puttaswamy(Retd) vs Union Of India[4] unanimously held the right to privacy as a fundamental right and as being an intrinsic part of life and liberty under Article 21. It was held to be a natural right that is inherited by all natural persons and can be restricted only by state action if such action has a legislative mandate, legitimate state purpose and is proportionate.
The Puttaswamy judgement acted as a guide changing the government’s viewpoint in terms of citizens’ privacy. It demands authorities and companies to exhibit great care and sensitivity while dealing with personal information of citizens/users. It also requires a rights-oriented data protection law that makes all entities dealing with personal data of citizens or users, accountable.
Various Enactments Regarding Right to Privacy
The constitutional provision of Article 21 falls back in protecting matters concerning social media. There is no proper law to regulate it. There seems to be no judgement directly dealing with social media content and the ones present basically deal with defamation.
The Information Technology Act, 2000 is close to the law encompassing user data privacy-related issues but fails to understand privacy as a concept due to highly liberal interpretation. It provides for safeguards against certain breaches, for example, under Section 43 which prevents breach carried out by accessing computer, computer system or network, or downloading, copying, extracting data or causing any disruption in the system without the permission of the owner. A civil suit imposing liability to pay damages as compensation to the owner can be filed for such breaches. For Example, In ICICI Bank Limited. Mr Umashankar Sivasubramanian And Others[5], the complainant got a fake email asking for a security update and assuming it to be from ICICI Bank, the complainant shared his bank account details. Following this, a certain amount got debited from the complainant’s account. The court held ICICI Bank liable as it failed in preventing “unauthorised access” as given under Section 43 of the Information Technology Act.
In Shreya Singhal vs Union of India[6], the SC struck down section 66A of the IT Act and laid down certain guidelines under which intermediaries like Facebook, Google etc. have to take notice and remove after exercising discretion objectionable content if any from their platform. On paper, these guidelines seem very helpful in protection of privacy; however, the major issue to be addressed is these very intermediaries which have access to this data.
Post K.S. Puttaswamy judgement, the Government appointed a committee of experts for data protection with Justice B.N. Srikrishna as the chair. The committee submitted a report in July 2018 along with the draft of The Personal Data Protection Bill, 2018. The bill lapsed and was reintroduced as The Personal Data Protection Bill, 2019 in Lok Sabha on December 11, 2019, by Mr Ravi Shankar Prasad, Minister of Electronics and Information Technology.
The Report submitted in July 2018 had given various recommendations to strengthen laws related to privacy in India. The proposals included imposing restrictions on processing and collection of data, the right to be forgotten, separate authority for data protection, data localisation, explicit consent requirements for sensitive personal data, etc.
The Bill mainly seeks to provide for the protection of personal data of individuals, and the establishment of a Data Protection Authority. It governs personal data being processed by the government, Indian companies and foreign companies dealing with personal data of Indians. Personal Data is that which can be used to identify an individual such as characteristics, traits etc. Bill has also categorised data which is of nature viz., biometric, financial, political as sensitive personal data.
The Bill has also laid down specific grounds under which data can be processed. The individuals have the certain right under the bill such as to know whether their data has been processed or seek correction in case of inaccurate or incomplete data and can also restrict disclosure of such data. The Bill seeks to impose both imprisonment and hefty fine in cases where an action is undertaken in violation of the Bill.
Government Initiatives:
- A twitter handle by the username CyberDost is maintained by the Ministry of Home Affairs, Government of India for cyber safety and cybersecurity awareness.
- The Government of India provides for a National Cyber Crime Reporting Portal for filing complaints. This portal serves as an initiative by the GoI to facilitate the victims to report cybercrime online. This is a portal specifically for complaints against cyber crimes and sheds a special focus on cyber crimes against children and women. The action is taken against reported complaints by police and law enforcement agencies on the basis of information provided by the complainant. Hence, one ought to provide complete, correct and accurate details while filing a complaint.
- Apart from the online reporting mechanism, in case of emergency, one can contact police through national police helpline number 100 and women can additionally report such cases on women helpline number 181.
- The National Cyber Crime Reporting Portal also provides with guideline brochures issuing Do’s & Don’ts in relation to the following:
- Safe use of Social Media Platform: https://cybercrime.gov.in/pdf/Safe%20Use%20of%20social%20Media%20Platform%20Brochure%20final.pdf.
- Financial Fraud: https://cybercrime.gov.in/pdf/Financial%20Fraud%20Brochures%20final.pdf
- Job Fraud: https://cybercrime.gov.in/pdf/Job%20Fraud%20Brochure%20Final.pdf
- Matrimonial Fraud: https://cybercrime.gov.in/pdf/Matrimonial%20fraud%20brochure%20final.pdf
- It is also worth noting that the central government had set-up the National Informatics Centre – Computer Emergency Response Team (CERT-In) and the Home Ministry had set up the Indian Cyber Crime Coordination Centre (14C) to combat cybercrime in the country.
The GoI is working on the Personal Data Protection Bill, 2019 as discussed above and though it seems promising it has also received an equal amount of criticism and protests against it. The real image of its working would be received only when it culminates into an act until then, be safe. Don’t let the devil have control. Be cautious with the content you share and the people you provide access to. In case of emergency, take resort to the helplines provided by the respective ministry.