“We’re training and conditioning a whole new generation of people that when we are uncomfortable or lonely or uncertain or afraid, we have a digital pacifier for ourselves that is kind of atrophying our own ability to deal with that.” — Tristan Harris, Co-founder Centre for Humane Technologies and former design ethicist at Google Inc. In recent years the concerns about their privacy have taken a spike among the social media users, several incidents of violation of data privacy and major breaches have frightened the users and have made them self-conscious to re-think their trust and relationship with the major social media platforms.
Thus, the threat of invasion of privacy by social media networks such as Facebook, Instagram and twitter has become a matter of grave concern. In this article the author would discuss what are the various threats that exist to the social media user’s privacy, the methods used by these networks to store user data and finally the author would suggest how the same can be prevented.
Impact of Social Media
The use of Social media networks has grown tremendously in the recent few years. According to a survey conducted by Facebook, there are more than 300 million active users on their platform as of now and by 2023 it is expected to cross 450 million , whereas twitter users in India are at 18.9 million. These alarming numbers itself signifies what influence it has on the common public. It is quite evident now that power and capacity of information technology is rapidly increasing and the way it uses collected information has become a major threat to the social media user’s privacy.
Data Misuse and Threats
If cookies and cache files are not regularly cleared, the personal data of users collected by the social media networks and websites can be easily accessed by hackers and other third-party apps to which users indirectly give access to when trying to use their free services or under blanket single access sign-in. The hackers generally aim for sensitive information such as bank account details and email account passwords which can destroy the user’s life if given unabated access.
Social media users usually put out a lot of personal information on these platforms, for instance Facebook has access to user data and to generate revenue it runs advertisements wherein they give access to third party apps. A platform for websites which monetizes sensitive personal information which can be definitely used to influence people or for identity theft or credit card, banking scam.
Sexual Harassment and Paedophilia
Social media is an absolute hit among the teenagers, they are naïve and thus more vulnerable to sexual predators. Now, almost anyone can make an account on social media since there is no strict or rigorous process to do so there are several fake profiles on these platforms. The fake profilers use it to target teenagers exploiting minors or passing derogatory comments on teenage girl’s profile pictures, this drastically affects the social condition of the teenagers sometimes leading to chronic depression.
Definition of Privacy
In a society where personal preference doesn’t mean much wherein a family lives together under the same roof, the definition of privacy has always been difficult to understand. In 2017 a significant landmark judgement  ruled that Right to privacy is an intrinsic part of right to life and personal liberty enumerated under Article 21 , declaring it as a fundamental right. This nine-judge bench ruling was welcomed by all. The ruling didn’t specifically provide a definition of the term privacy however, opined on its varied aspects and elements in the Indian context. It stated that privacy does not mean hiding or secretive, it is the state’s duty to respect an individual’s autonomy and not dictate their decisions. In fact, the state should safeguard an individual’s ability to formulate its own decisions. This brings us to the negative and positive content within the right to privacy. Informational privacy is an essential aspect of right to privacy as the danger of breach of privacy is not only expected from the state authorities but also from other private institutions.  The court ordered the centre to form a powerful data protection regime to combat misuse of user data by the social media networks. In response the union government constituted a commission under Justice B.N Srikrishna.
Existing Provision and Scope of Personal Data Protection Bill
There exists a clause in the Information Technology Act 2008 which provides for protection against misappropriation or misuse of personal data of the users, it states that: “Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected.” 
Now this provision is inherently restrictive in nature, providing protection only against the corporate body. The current Personal Data Protection Bill provides a comprehensive legal framework and encompasses protection against processing/usage of data by body corporate, government and private institutions, social media network as well.
Background of the Bill
It was in 2019 that the government introduced the Personal Data Protection bill in the parliament, still there exists a lot of complexities and confusion with regard to the actual execution of the final draft of the bill. As per the current status of the bill, it is being examined by the joint parliamentary committee. To further complicate the matter different initiatives and departments in the government have vehemently opposed the structure bill. In fact, a member of the Joint parliamentary committee examining the bill was found quoting “the bill in itself is not something that is working. ….and that the committee is …going to redraw the bill”.  Although, an expert committee was set up by the Ministry of electronics and information technology which submitted its recommendations recently.
Flaws in the Bill
The objects clause of the bill provides for protection of personal data of the individuals and creation of an authority to enforce such protection. However, there are several vague concepts and terms in the legislation which are not elaborated. Furthermore, there is also a clash between the different sectoral regulators introducing policies surrounding usage of user data to enhance ease of business in India. The bill also ignores its own cardinal principle of providing protection against the use of personal data. Since there are numerous provisions wherein the government is allowed or exempted from using the data under certain circumstances. For instance, section 3 (2) of the bill  provides for usage of anonymised data however the provision doesn’t set any boundary or limitation with respect to how or when the state would be exempted from such usage of data.  This leaves the privacy of the individual subject to gross misuse by state authorities itself.
The Whatsapp Controversy
Conclusion and Way Forward
 Facebook statistics, India available at http://www.facebook.com/press/info.php? Statistics. (Last visited on January 21, 2021).
 Justice K.S Puttaswamy v/s Union of India (2017) SCC 1.
 The Constitution of India, art. 21.
 The Information Technology Act, s. 43.
 Regina Mihindukulasuriya, “Data Protection Bill won’t get cleared in its current version” The Print, December 16, 2020.https://theprint.in/india/data-protection-bill-wont-get-cleared-in-its-current-version-bjp-mp-rajeev-chandrasekhar/568003/ (Last visited on January 21, 2021).
 Personal Data Protection Bill, s. 3(2).
BY SHIVAM SINGH | NATIONAL LAW UNIVERSITY, ODISHA