Please note! This essay has been submitted by a student.
The 21st century has witnessed rapid strides in the use of technology. Technology has reached our bedrooms. Mobile technology has made cyber space accessible to a vast section of the population to the extent that the capability of people to participate in the full spectrum of economic and social activities are limited without mobile devices. It has enabled people all over the world not just to communicate more effectively, but even to control devices in their homes and cars. As per the Global Digital (We Are Social 2018) report, over half of the world’s population has access to internet. According to the Telecom Statistics published by the GoI in 2017((Kishore Dubey 2017)), India has 422.20 million internet subscribers. India has the second largest number of internet users in the world and the number is increasing. (Mahmoodi et al. 2018) argues that while the advent of internet and social media has had considerable advantages for society, their growing influence raises concerns for privacy and the collection and use of personal information. The technologies pose immense threats to individual privacy . We have , over the past few years witnessed many instances of sensitive personal information being compromised. This essay focusses on the concerns of privacy and social media.
(Brandeis and Warren 1890) in their seminal paper “The Right to Privacy” had described Privacy ‘as the protection of individuals space and their right to be left alone’. Any discussion of privacy involves a reference to the boundaries between private and public. U .S. Supreme Court Justice Louis Brandeis described Privacy as “the most comprehensive of the rights and the right most valued by civilized men”(Solove 2008). Honourable Supreme Court of India in Puttaswamy case had observed that “Privacy, in its simplest sense, allows each human being to be left alone in a core which is inviolable.” The Honourable Court further observed that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.”
(Kang 1997) had argued that privacy in the modern world has two dimensions- regarding the identity of the individual and the way in which his personal information is used. Information privacy mainly relates to personal data stored in information systems, such as medical records, financial data, photos, and videos. It also concerns an individual’s control over the processing— the acquisition, disclosure, and use of personal information. He mentions that ‘privacy is invaded when, for example, someone obtains sensitive medical data by rifling through confidential files without permission’.
Cambridge Analytica incident is a watershed event in the history of privacy debates and discussions. Cambridge Analytica had purchased data on tens of millions of Americans from Facebook without their knowledge. The questions as to how Facebook allegedly gave special data deals to device makers or why companies like Google allegedly track people’s location even after they’ve turned location tracking off have been discussed in (Lapowsky 2019)The incident was followed by privacy concerns regarding the use of personal data and snooping by the companies. Sensitive personal information, of almost 150 million people was compromised in the 2017 Equifax data breach. The personal details of about 500 million persons were compromised in the 2018 Starwood breach, wherein the hotel chain had admitted that its servers suffered an unauthorized access. This shows how modern Information and communication technology and systems threaten individual privacy.
Social media have changed the way people interact with other people, exchange opinion on issues and have given them a medium to express themselves in the virtual world. (Kaplan and Haenlein 2010) have discussed how the term “social media” was coined after the creation of networking sites like Myspace, Facebook etc. and how social media gained prominence. Further, high speed internet enhanced the popularity of social media. (Amichai-Hamburger and Vinitzky 2010) have stated in their research that individuals tend to transfer their offline behaviour online. Social media play a good amount of role in the way people participate in political activities, protests, gather medical/ health information, do job related activities and search news. Individual users generate and upload their own content onto the web. The social media gained popularity as people started inviting other users to read, view, and comment on their posts. Social media are platforms that encourage people to interact, share thoughts, and discuss information online.
People share a lot of information on the social media while interacting with friends, to express opinions or for a moment of fame. More often than not, the data is being seen by some of the unintended members of the social network also. (Garcia 2017) has argued that personal information of people outside a social network could be predicted with the data shared by other users. Every action of a user online through his devices can become information that can potentially be collected, stored, and shared as explained by (Mooney n.d.) in her book. The barriers between private and public lives can become fluid on social media. Privacy concerns do emerge when personal details are spread beyond the intended audience or are used in unintended or unauthorized ways. Sometimes, serious consequences result from use of private data – including reputational harm. Comments and posts meant for a select audience can live forever publicly on the Internet for the consumption of everyone else also. A loss of sensitive personal information through a privacy breach can expose individuals to embarrassment, loss of employment or business opportunities, personal safety and potentially, identity theft. Pew Internet Research report titled “Anonymity, Privacy, and Security Online”(LEE RAINIE, SARA KIESLER 2013) found that 55 percent of Internet users aged eighteen to twenty-nine have experienced difficulty when their personal information was compromised online. Some informed of having their social networking account taken over without permission, being stalked or harassed online, personal data stolen online, suffering reputation damage, becoming a victim of an online scam. It would not be an exaggeration if the same holds good, albeit with variations in numbers; for India also.
Cambridge Analytica, Facebook etc are just a few of the number of companies that track the online activities of customers to gain a competitive edge. These companies can use the information so collected themselves or monetize it by selling it to third parties. Such third parties know what users buy, their health status, social networks, browsing habits and even their financial health. This information can easily be used to profile a person and/or to provide targeted web content to their mobile devices, cajoling them to watch/read the intended information, and collect more personal data of the unassuming users; thereby pulling them into a vicious cycle. Facebook had admitted before the hearing in US Senate(Facebook, Social Media Privacy, and the Use and Abuse of Data 2018) that “Facebook’s goal is to deliver the right content to the right people at the right time. This is just as true of posts and other content in users’ News Feeds as it is for ads in their News Feed. And to choose the right ads Facebook listens to what feedback users provide.” – meaning whereby they collect user behaviour.
With a significant number of social media users experiencing privacy violations, the need to protect privacy becomes critical. Several parties have a role in protecting privacy online, including individual users, Internet service providers, social media sites, and the government.
Legal or constitutional protection for users’ privacy is one way of providing a strong balance between the immense financial benefits that technology companies reap by use of personal data and the privacy of the users concerned. Self-regulation alone, as practiced in many countries would not suffice – as the Cambridge Analytica incident has shown.
Concerned that social media sites are not adequately protecting user privacy, debates for legislation to protect privacy on social media has taken steam. The GDPR of the EU shall be viewed in this context. The (General Data Protection Regulation (GDPR) 2018) mandates that the privacy policies should contain what personal information you collect, how you collect it, what you use it for, how you keep it secure, whether you share it with third parties and whether users have any control over any of these. The GDPR primarily gives control to individuals in EEA over their personal data. It mandated that the controllers of personal data must put in place appropriate technical and organisational measures to implement the data protection principles. Business processes that handle personal data are to be designed and built with safeguards to protect data (for example, using pseudonymization or full anonymization where appropriate), and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or unless the data controller or processor has received an unambiguous and individualized affirmation of consent from the data subject. The data subject has the right to revoke this consent at any time. Thus GDPR came up with the concept of informed consent and the right to revoke the consent once given. It also mandates that the companies should report data breaches in a specified time frame. It further enunciates that the data subject has the right to request erasure of personal data related to them.
Justice Sri Krishna Committee report (JusticeSrikrishna 2018) discussed about the idea of data privacy in India. The report proposed inter-alia, the importance of consent and localisation of data and considers data as an asset. Ministry of Electronics & Information Technology, Government of India has formulated a draft personal data protection bill based on the said report. The bill proposes granting the right to be forgotten to the data principals (consumers/users). The draft bill introduces a set of new obligations such as periodic data audits, maintaining the records of data processing and performing data protection impact assessments on the service providers. The bill requires data fiduciaries to store at least one copy of personal data on servers or data centres located in India. The data protection law in India is expected to herald a new chapter in the privacy conundrum. Regulation of such social media platforms are essential lest they continue to monetize/utilize the data of unassuming subjects with immaculate ease, much to the detriment of privacy of unassuming users.
Social media and the Internet has changed the way the world communicates by bringing people across the globe together on common platforms. However,the use of social media has led to an increase in privacy concerns, and private information is being used and shared by unintended people and businesses for unintended purposes. Navigating the social media while maintaining appropriate privacy has become difficult for users. While they should make individual choices, legislative interventions like the GDPR would help to a great extent in mitigating the privacy concerns of the people using social media. The legislation had made informed consent and right to be forgotten mandatory. India, having one of the largest user base for social media platforms shall take lead in addressing the privacy concerns for its citizens – as suggested by Justice Sri Krishna committee report. The individual must be in control of his privacy and personal data- not some platforms who hold them. Last, but not the least, every man has the right to be forgotten, even by God.