Social Media and Privacy: Data Protection Law, Need of the Hour?

“We’re training and conditioning a whole new generation of people that when we are uncomfortable or lonely or uncertain or afraid, we have a digital pacifier for ourselves that is kind of atrophying our own ability to deal with that.” — Tristan Harris, Co-founder Centre for Humane Technologies and former design ethicist at Google Inc. In recent years the concerns about their privacy have taken a spike among the social media users, several incidents of violation of data privacy and major breaches have frightened the users and have made them self-conscious to re-think their trust and relationship with the major social media platforms.

The users have become extra cautious with the usage and way of handling of their personal information. Recently, WhatsApp has updated its privacy policy wherein it is out rightly mentioned how the user’s personal information can be shared with third party apps. This move by WhatsApp has been vehemently opposed by the masses and has proven to be controversial.

Thus, the threat of invasion of privacy by social media networks such as Facebook, Instagram and twitter has become a matter of grave concern. In this article the author would discuss what are the various threats that exist to the social media user’s privacy, the methods used by these networks to store user data and finally the author would suggest how the same can be prevented.

Impact of Social Media

The use of Social media networks has grown tremendously in the recent few years. According to a survey conducted by Facebook, there are more than 300 million active users on their platform as of now and by 2023 it is expected to cross 450 million [1], whereas twitter users in India are at 18.9 million. These alarming numbers itself signifies what influence it has on the common public. It is quite evident now that power and capacity of information technology is rapidly increasing and the way it uses collected information has become a major threat to the social media user’s privacy.

Data Misuse and Threats


 If cookies and cache files are not regularly cleared, the personal data of users collected by the social media networks and websites can be easily accessed by hackers and other third-party apps to which users indirectly give access to when trying to use their free services or under blanket single access sign-in. The hackers generally aim for sensitive information such as bank account details and email account passwords which can destroy the user’s life if given unabated access.

Identity theft

Social media users usually put out a lot of personal information on these platforms, for instance Facebook has access to user data and to generate revenue it runs advertisements wherein they give access to third party apps. A platform for websites which monetizes sensitive personal information which can be definitely used to influence people or for identity theft or credit card, banking scam.

Sexual Harassment and Paedophilia

 Social media is an absolute hit among the teenagers, they are naïve and thus more vulnerable to sexual predators. Now, almost anyone can make an account on social media since there is no strict or rigorous process to do so there are several fake profiles on these platforms. The fake profilers use it to target teenagers exploiting minors or passing derogatory comments on teenage girl’s profile pictures, this drastically affects the social condition of the teenagers sometimes leading to chronic depression.

Definition of Privacy

In a society where personal preference doesn’t mean much wherein a family lives together under the same roof, the definition of privacy has always been difficult to understand. In 2017 a significant landmark judgement [2] ruled that Right to privacy is an intrinsic part of right to life and personal liberty enumerated under Article 21 [3], declaring it as a fundamental right. This nine-judge bench ruling was welcomed by all. The ruling didn’t specifically provide a definition of the term privacy however, opined on its varied aspects and elements in the Indian context. It stated that privacy does not mean hiding or secretive, it is the state’s duty to respect an individual’s autonomy and not dictate their decisions. In fact, the state should safeguard an individual’s ability to formulate its own decisions. This brings us to the negative and positive content within the right to privacy. Informational privacy is an essential aspect of right to privacy as the danger of breach of privacy is not only expected from the state authorities but also from other private institutions. [4] The court ordered the centre to form a powerful data protection regime to combat misuse of user data by the social media networks. In response the union government constituted a commission under Justice B.N Srikrishna.

Existing Provision and Scope of Personal Data Protection Bill

There exists a clause in the Information Technology Act 2008 which provides for protection against misappropriation or misuse of personal data of the users, it states that: “Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected.” [5]

Now this provision is inherently restrictive in nature, providing protection only against the corporate body. The current Personal Data Protection Bill provides a comprehensive legal framework and encompasses protection against processing/usage of data by body corporate, government and private institutions, social media network as well.

Background of the Bill

It was in 2019 that the government introduced the Personal Data Protection bill in the parliament, still there exists a lot of complexities and confusion with regard to the actual execution of the final draft of the bill. As per the current status of the bill, it is being examined by the joint parliamentary committee. To further complicate the matter different initiatives and departments in the government have vehemently opposed the structure bill. In fact, a member of the Joint parliamentary committee examining the bill was found quoting “the bill in itself is not something that is working. ….and that the committee is …going to redraw the bill”. [6] Although, an expert committee was set up by the Ministry of electronics and information technology which submitted its recommendations recently.

Flaws in the Bill

The objects clause of the bill provides for protection of personal data of the individuals and creation of an authority to enforce such protection. However, there are several vague concepts and terms in the legislation which are not elaborated. Furthermore, there is also a clash between the different sectoral regulators introducing policies surrounding usage of user data to enhance ease of business in India. The bill also ignores its own cardinal principle of providing protection against the use of personal data. Since there are numerous provisions wherein the government is allowed or exempted from using the data under certain circumstances. For instance, section 3 (2) of the bill [7] provides for usage of anonymised data however the provision doesn’t set any boundary or limitation with respect to how or when the state would be exempted from such usage of data. [8] This leaves the privacy of the individual subject to gross misuse by state authorities itself.

The Whatsapp Controversy

One of the primary reasons as to why Whatsapp is one of the most popular internet messaging and conversing apps due was its maintenance of user’s privacy which was why in 2014 when it announced that Whatsapp messages would be end to end encrypted so as to safeguard its user’s privacy. This move was widely appreciated by the masses across which added more to its popularity. Therefore, when it recently announced their updated privacy policy it was quite shocking since this was an app which made a fortune out of its privacy policies, its users felt safe chatting and conversing.  The updated policy states that user data will be accessible to Facebook and other third-party apps, companies. These data would include mobile device information, IP address, location and transaction data. Although it has been maintained by the social messaging giant that the users will be notified at the start of the chat itself if the business or third-party company would use Facebook to analyse such data.  Furthermore, the users can also block that particular business.  These social media giants always take defence of limited usage or purpose based use whenever the issue of privacy is raised. However, Whatsapp now being a subsidiary of Facebook does not really have an absolutely authentic track record with regard to data protection, the whole world knows about Cambridge Analytica scam and how Facebook and its user’s personal data was used to influence the elections and precisely why everyone is concerned about maintenance of privacy and Whatsapp privacy policy.

Conclusion and Way Forward

The social media networks have become a hotspot for new criminal activities and potential targets for attackers. Since a lot of delicate information is available on the internet and the risk is low for tech savvy attackers. The author believes that users have varied views with regard to the use of social media networks, the youngsters are mainly concerned with increasing their followers and making friends and thus least bothered about privacy issues. People aged more than 50 aren’t that tech savvy and don’t even understand when they give access to their personal information and data. This makes processing of data quite simple for social media networks, in fact user data in itself has become a major money market. Furthermore, the author also believes that it is imperative for the Union Government to implement the PDP Bill as soon as possible had the bill been enacted into law such privacy policy would have been declared illegal. As in European Union Whatsapp had to make an exception. Thus, a comprehensive data protection law in the country is the need of hour to combat such restrictive policies.


[1] Facebook statistics, India available at Statistics. (Last visited on January 21, 2021).

[2] Justice K.S Puttaswamy v/s Union of India (2017) SCC 1.

[3] The Constitution of India, art. 21.

[4] Ibid.

[5] The Information Technology Act, s. 43.

[6] Regina Mihindukulasuriya, “Data Protection Bill won’t get cleared in its current version” The Print, December 16, 2020. (Last visited on January 21, 2021).

[7] Personal Data Protection Bill, s. 3(2).

[8] Ibid.


Leave a Comment

Your email address will not be published. Required fields are marked *