Please note! This essay has been submitted by a student.
The 21st century has witnessed rapid strides in the use of technology. Technology has reached our bedrooms. (Mahmoodi et al. 2018) argues that the advent of the Internet and social media has drastically transformed all aspects of our lives. Mobile technology has made cyber space accessible to a vast section of the population to the extent that the capability of people to participate in the full spectrum of economic and social activities are limited without mobile devices. It has enabled people all over the world not just to communicate more effectively, but even to control devices in their homes and cars. As per the Global Digital ((We Are Social 2018)) report, over half of the world’s population is now online, with the latest data showing that nearly a quarter of a billion new users came online for the first time in 2017. According to the Telecom Statistics published by the GoI in 2017((Kishore Dubey 2017)), India has 422.20 million internet subscribers. India has the second largest number of internet users in the world, and as mobile data plans become more affordable and easily available, the access to the internet in India is becoming more widespread. (Mahmoodi et al. 2018) argues that while this has had considerable advantages for society overall, the growing influence of the Internet and technologies has always been linked to concerns for privacy and the collection and use of personal information. The technologies pose immense threats to individual privacy . We have , over the past few years witnessed many instances of sensitive personal information being compromised. This essay focusses on the concerns of privacy and social media.
The concept of privacy in cyberspace
(Brandeis and Warren 1890) in their seminal paper “The Right to Privacy” had described Privacy as the protection of individuals space and their right to be left alone. Any discussion of privacy involves a reference to the boundaries between private and public. U .S. Supreme Court Justice Louis Brandeis pronounced Privacy as “the most comprehensive of the rights and the right most valued by civilized men”(Solove 2008). Honourable Supreme Court of India in Puttaswamy case had observed that “Privacy, in its simplest sense, allows each human being to be left alone in a core which is inviolable.” The Honourable Court further observed that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.”
(Kang 1997) had argued that privacy in the modern world has two dimensions in the context of a digital space. First, it has to do with the identity of a person and, second, it has to do with the way personal information is used. Information privacy mainly relates to personal data stored in information systems, such as medical records, financial data, photos, and videos. It also concerns an individual’s control over the processing— i.e., the acquisition, disclosure, and use of personal information. He mentions that privacy is invaded when, for example, someone obtains sensitive medical data by rifling through confidential files without permission.
The Cambridge Analytica incident is a watershed event in the history of privacy debates and discussions. Cambridge Analytica had purchased data on tens of millions of Americans from Facebook without their knowledge. The questions as to how Facebook allegedly gave special data deals to device makers or why companies like Google allegedly track people’s location even after they’ve turned location tracking off have been discussed in (Lapowsky 2019)The incident was followed by privacy concerns regarding the use of personal data and snooping by the companies. Sensitive personal information, including credit scores, of almost 150 million people was compromised in the 2017 Equifax data breach. This shows how modern Information and communication technology and systems threaten individual privacy by making the invasion of privacy cheap ,effective and profitable.
The advent of Social media
Social media have enabled users to interact with other people, create, and exchange information and opinions, and also express themselves in the virtual world. The growing availability of high-speed Internet access further added to the popularity of the concept of social networking, leading to the creation of social networking sites such as MySpace (in 2003) and Facebook (in 2004). (Kaplan and Haenlein 2010) have discussed how the term “social media” was coined after the creation of the said networking sites and how it gained prominence. (Amichai-Hamburger and Vinitzky 2010) have stated in their research that individuals tend to transfer their offline behaviour online. Social media play a good amount of role in the way people participate in political activities, protests, gather medical/ health information, do job related activities and search news. Individual users generate and upload their own content onto the web. The social media gained popularity as people started inviting other users to read, view, and comment on their posts. Social media are platforms that encourage people to interact, share thoughts, and discuss information online. (Mooney n.d.) in her book explains that social media takes many forms, including blogs, forums, message boards, social networks, video and photo sharing sites, and podcasts. Popular social media sites include Facebook, LinkedIn, Twitter, YouTube, Instagram, Pinterest, Blogger, and many others.
Privacy concerns in social media
People share a lot of information on the social media while interacting with friends, to express opinions or for a moment of fame. More often than not, the data is being seen by some of the unintended members of the social network also. (Garcia 2017) has argued that personal information of people outside a social network could be predicted with the data shared by other users. Further, every move a user makes online through computers, smartphones, and tablets can become information that can be collected, stored, and shared as explained by (Mooney n.d.) in her book. The barriers between private and public lives can become fluid on social media. Privacy concerns do emerge when personal details are spread beyond the intended audience or are used in unintended or unauthorized ways. Sometimes, serious consequences result from use of private data – including reputational harm. Comments and posts meant for a select audience can live forever publicly on the Internet for the consumption of everyone else also. A loss of personally identifying information arising from a privacy breach can expose individuals to risks such as embarrassment, loss of employment or business opportunities, personal safety and identity theft.
Cambridge Analytica, Facebook etc are just a few of the number of companies that track the online activities of customers to gain a competitive edge. These companies can use the information so collected themselves or monetize it by selling it to third parties. Such third parties know what users buy, their health status, social networks, browsing habits and even their financial health. This information can easily be used to profile a person and/or to provide targeted web content to their mobile devices, cajoling them to watch/read the intended information, and collect more personal data of the unassuming users; thereby pulling them into a vicious cycle. Facebook had admitted before the hearing in US Senate(Facebook, Social Media Privacy, and the Use and Abuse of Data 2018) that “Facebook’s goal is to deliver the right content to the right people at the right time. This is just as true of posts and other content in users’ News Feeds as it is for ads in their News Feed. And to choose the right ads Facebook listens to what feedback users provide.” – meaning whereby they collect user behaviour.
According to a 2013 Pew Internet Research report titled “Anonymity, Privacy, and Security Online”(LEE RAINIE, SARA KIESLER 2013), 55 percent of Internet users aged eighteen to twenty-nine have experienced some difficulty when personal information has been compromised online, including having a social networking account taken over without permission, being stalked or harassed online, having personal data stolen online, suffering reputation damage, becoming a victim of an online scam, or having something happen online that put them in physical danger. It would not be an exaggeration if the same holds good, albeit with variations in numbers; for India also.
With a significant number of social media users experiencing privacy violations, the need to protect privacy becomes critical. Several parties have a role in protecting privacy online, including individual users, Internet service providers, social media sites, and the government.
Legal or constitutional protection for users’ privacy is one way of providing a strong balance between the immense financial benefits that technology companies reap by use of personal data and the privacy of the users concerned. Self-regulation alone, as practiced in many countries would not suffice – as the Cambridge Analytica incident has shown.
Concerned that social media sites are not adequately protecting user privacy, debates for legislation to protect privacy on social media has taken steam. The GDPR of the EU shall be viewed in this context. The GDPR mandates that the privacy policies should contain what personal information you collect, how you collect it, what you use it for, how you keep it secure, whether you share it with third parties and whether users have any control over any of these. The GDPR aims primarily to give control to individuals over their personal data in the EEA. It mandated that the controllers of personal data must put in place appropriate technical and organisational measures to implement the data protection principles. Business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data (for example, using pseudonymization or full anonymization where appropriate), and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or unless the data controller or processor has received an unambiguous and individualized affirmation of consent from the data subject. The data subject has the right to revoke this consent at any time. Thus GDPR came up with the concept of informed consent and the right to revoke the consent once given. It also mandates that the companies should report data breaches in a specified time frame. It further enunciates that the data subject has the right to request erasure of personal data related to them.
Justice Sri Krishna Committee report (JusticeSrikrishna 2018) discussed about the idea of data privacy in India. The report proposed inter-alia, the importance of consent and localisation of data and considers data as an asset. Ministry of Electronics & Information Technology, Government of India has formulated a draft personal data protection bill based on the said report. The bill proposes granting a rights to access, correction, data portability and the right to be forgotten to the data principals (consumers/users). The draft bill introduces a set of new obligations such as periodic data audits, maintaining the records of data processing and performing data protection impact assessments on the service providers. The bill requiring data fiduciaries to store at least one copy of personal data on servers or data centres located in India during cross border data transfers. The data protection law in India is expected to herald a new chapter in the privacy conundrum. Regulation of such social media platforms are essential lest they continue to monetize/utilize the data of unassuming subjects with immaculate ease, much to the detriment of privacy of unassuming users.
Social media and the Internet has changed the way the world communicates by bringing people together from all countries, backgrounds, and ages on common platforms. At the same time, the use of social media has triggered an increase in privacy concerns, as private information is being used by unintended people for unintended purposes. Navigating the social media while maintaining appropriate privacy has become difficult for users. While they should make individual choices, legislative interventions like the GDPR would help to a great extent in mitigating the privacy concerns of the people using social media. The legislation had made informed consent and right to be forgotten mandatory. India, having one of the largest user base for social media platforms shall take lead in addressing the privacy concerns for its citizens – as suggested by Justice Sri Krishna committee report. Last, but not the least, every man has the right to be forgotten, even by God.