Author: Kartikey Arora, I year of B.B.A.,LL.B. from University School of Law and Legal Studies (USLLS), GGSIPU, Dwarka ,New Delhi
In a technologically advanced, innovation driven world there is an endless list of apps and sites collectively termed as social media that provide with an interface to connect, communicate and interact with the world at large. It is not only restricted to allowing people to share their own thoughts and activities but also get to know more about other people through the concepts of following, followers, connections etc. Although this has a vast and diverse amounts of benefits but many at times amidst the lines of enhancing connections and the maximum utilization of social media, we often give away our fundamental and basic right of privacy. Data privacy in simple terms refers to the control and command that we have over our personal information i.e. name, date of birth, address, location etc.
Whenever we come across the terms of service of any social media app by clicking on ‘I Agree’ we essentially enter into a legal binding contract with the particular app or site. Now this contract does have a consideration which might be in terms of a fee in case of paid access, while in case of free access the cost of using the apps itself comes at a cost of infringement of the privacy of an individual. The prescribed social media app or site gets full rights to share the personal information of the user with any third-party for collecting data in terms of usage or for creating advertisements matching the needs of users.1This article analyses how data privacy today stands as a global threat and the laws put in force internationally to restrain the breach of privacy; along with the need to curb certain loopholes in such laws.
MAJOR PRIVACY ISSUES ACROSS THE GLOBE
In a world where social media presence has become almost as prevalent as consuming food for survival the number of users have grown by many folds in almost a span of 10 years in the 21st Century. In America, according to the Pew Trust statistics, the number of users has grown fourteen fold over the last decade. With this exponential growth in the number of users what has also significantly risen is the threat to data privacy. Crimes have also seen an immense escalation in terms of breach of privacy through social media apps by hacking accounts of people, stealing personal data and also infringing the privacy rights of their connections including friends, family, relatives etc.
About 13% of Americans have experienced unauthorized use of their data on social media platforms,while 9 out of 10 Canadians feel that their online information is prone to data breach;2 at the same time 79% of internet users across the world believe that they have lost control over their personal data.3 In such a scenario it is integral to bring to the knowledge of the readers as to what types of privacy issues are actually widespread to curb the threat of privacy breach. Following are few of the most important and popularly used methods through which the violation of data privacy is carried out:
1. Data Mining
Once a person willingly presses on "I agree" after going through terms of service and many at times ignoring it in order to quickly access the desired social media site or app, the app platform gains the right to do whatever it pleases with the private information cause as already stated it acts as a consideration in return fie providing free access to the app or site. This information can then be:
A. Shared with any third party
B. Shared with an advertising agency for the sake of advertising to targeted audience
C. Shared or stored in countries where privacy laws are lenient for e.g. people in Canada are concerned about their data being stored elsewhere outside their own country.
D. They can also share your photos and profile details integrating it with ads and promotions.
E. Used to influence your opinions, likes and dislikes as in the case of Cambridge Analytica when the data of millions of users in U.S & Canada where leaked by social media giants like Facebook in order to shape opinions and gain insights during 2016 U.S election campaign.
2. Privacy Setting Loopholes& Mergers
When using social media platforms, one might have come across a privacy setting that might provide an individual the assurance that they can bolster their data privacy providing a layer of protection. Despite this trend being prevalent in today’s times, it acts more like a loophole rather than an advancement in terms of data protection. This is so because even when the privacy settings are turned on the posts, messages or information shared is accessible to the friend circles of the user sharing the same, many at times not many in the friend circle have privacy settings turned on which in turn result in the messages being within the reach of friends of those friend circles thus they can share it with almost anyone; making the privacy settings a futile instrument in the implementation of data privacy.
Another trend that has gained prominence over the recent times is the merger of social media platforms that acts as an inherent threat to data privacy as the companies tend to change their privacy policies. A prime example of this being the merger of WhatsApp an app that gave data privacy utmost priority, with social media giant Facebook. Back in 2012, the CEO of WhatsApp declared that they do not and will not share the data of their users with any third-party, consequently after the takeover by Facebook in 2014; it was declared that all the privacy policies of WhatsApp had to align with the parent company of Facebook which were much weaker compared to the prioritized privacy settings of WhatsApp originally. Thus infringing the privacy of millions of users across the globe.4
3. Phishing Attempts
One of the most common methods of private data hacking used by criminals and hackers throughout the world is phishing. In simple it refers to the practice of stealing data by sending in fake emails, texts, messages which appear to be legitimate thus inducing the person to put in the desired private information. This could in the form of a fake bank page or fake accounts on social media sites such as Instagram, Facebook, Twitter etc. This activity has heightened especially in social media platforms with many users in August 2019 being targeted with fake Instagram accounts in order to gain two-factor authentication.
4. Malware Sharing & Botnets
Malware or a malicious software has the ability to hack into the user data and steal information or private date in the form of spyware, can also extract money in case bank accounts being compromised by phishing attempts through net banking or use of bank webpage in the form of ransomware. Once a social media account is compromised i.e. a malware has been installed in the system it can then be used to send malicious links to friends and relatives of users, thus compromising their private data as well.
Along with malware sharing another pertinent threat to data privacy are automated bots. These bots look for specific search terms on social media platforms and automatically follow the targeted user. These bots being large in number tend to form a network called botnet which send the targeted users spam messages, emails and texts breaching their privacy once clicked upon.
INTERNATIONAL LAWS ON DATA PRIVACY OF SOCIAL MEDIA
I. Universal Declaration of Human Rights (UDHR)
The Universal Declaration of Human Rights was the first ever international statute to mention privacy issues as fundamental and basic right of every human being. Article 12 of the declaration states the following:
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor attacks upon his honors and reputation. Everyone has the right to protect against attacks. "
It also put forth 4 types of privacy they being physical privacy (of a particular individual and their residence), decisional privacy (of the family of the individual), dignity (of one’s reputation) and informational privacy (of the data one shares using the internet and social media).5
II. The Right to Privacy in the Digital Age: Report of the Office of the United Nations High Commissioner for Human Rights, 2014
This report was established by the United Nations keeping in mind the rising threat to data privacy with the advent of internet and social media. It laid down certain guidelines and stated that irrespective of national laws across the globe the state will only be allowed to intervene with private data of individual citizens if it does not infringe the provisions of the convention. It also talked about judicial intervention and how it is necessary but not a one stop solution to privacy issues. Taking into note how judicial intervention and committees merely act as rubber-stamping processes, it held that enforcing privacy of individuals should be a constructive and combined aim of the judiciary, administration and legislature.6
DATA PRIVACY: THE WAY FORWARD
As we have already discussed how data privacy is at weak pedestal across the globe often ignored and taken advantage of by social media giants. There is a need for enforcement of strict laws at the earliest along with the proper awareness among people regarding privacy issues. Many laws are already in place such as the Information Technology Act, 2000 in India, Data Protection Act 2018 in United Kingdom, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the Federal Trade Commission Act (FTC) in United States of America. All the laws have put down various guidelines in order to prevent breach of privacy. Most of them lay down necessary guidelines to ask for consent and permission of users and individuals before sharing their private data with any third-party. To protect the users from deceptive practices of companies and social media giants. Also enforcing penalties in case of breach of data privacy through a software, computer or a site. However, there are still various loopholes in the said legislations. They lack a proper procedure that would restrain the social media giants from sharing the private data with third parties many at times placed outside the jurisdiction of national laws itself i.e. when they are stored in a different country where privacy laws are lenient.
Although about 67% people in India7 and 34% people in Canada8 have a knowledge regarding privacy rules & regulations of the country about 70-80% of them are concerned about where their data is actually going and feel that they might be hacked anytime. 38% people in U.K feel that the scenario of data privacy laws have deteriorated over the past year. The need of the hour is to take certain steps to prevent possible privacy breach until stringent laws are put into place regarding the same. Some of the steps in my opinion are as follows:
i. Regularly change the passwords that you use for your account on any social media platform and make sure that you do not use the same password everywhere just for the sake of remembering it quickly as it can be really dangerous making your account liable to be compromised easily.
ii. Make sure you go through the terms of service of the apps you use at least once, now I agree it is a really tedious task but for now is the best alternative to having your privacy compromised, especially in case of unpaid apps or sites.
iii. Make sure to keep the location services or the GPS of your devices turned off unless it is completely necessary or you are using the maps. This is so because location and address act as an essential information for initiating phishing attempts and botnet attacks.
1) Facebook Cambridge Analytica Case
One of the most popular cases which brought the issue of Data Privacy to the forefront of world news. In this case fake app by the name of “This is your Digital Life” was created and the data of about 87 million Facebook users was leaked and collected by Cambridge Analytica which the analyzed it and help influence the opinions of people during the 2016 U.S elections. Aiding election campaigns of contestants such as Ted Cruz and Donald Trump. It also influenced the UK Leave Vote Campaign.9
2) K.S Puttaswamy v. UOI
The most important case of Right to Privacy in India when the Right to Privacy was enlisted as a fundamental right as a part of Article 21 of The Right to Life& Liberty. This formed the ground of laws on data privacy in India.
3) Digital Rights Ireland Ltd v. Minister for Communications Andrew Roberts
In Digital Rights Ireland Ltd v. Minister for Communications, the European Court of Justice found the EU Data Retention Directive, which required and rendered the retention of communications data for up to two years, to be incompatible and inconsistent with Articles 7 and 8 of the EU Charter of Fundamental Rights, which talks about the right to private and family life and the protection of personal data.10
4) In re Warrant to search an email account controlled and maintained by Microsoft Corp. Case of District Court
In this case it was held that the State Government has a right to ask for enquiry of emails on the terms of national security from Microsoft Corp. It was held that the government has a right even if the information is stored outside the country as when it comes to digital access there isn’t a lack of jurisdiction per se.11
Having had a glimpse of what exactly the data privacy issues of social media are and the laws pertaining to the same in various countries, it is integral to keep in mind the importance of data privacy in today’s times. In a world filled with tech giants almost having a monopoly over the market, taking undue advantage of private data by sharing it with third part to earn money in the form of promotions and sponsorships it is imperative to take control and have knowledge of your own data following the very essence of data privacy. Although the laws are in place but as already discussed there are lacunas in the frameworks thus rendering social media accounts of internet users liable to compromise. Therefore, the need of the hour is to spread awareness regarding the threats of data privacy, keep in mind the laws already enforceable so that you can use them to your advantage and finally take certain steps at our own level to ensure that the data we share and have feeded on various social media accounts is in safe hands.
7. Ibid, point 3
8. Ibid, point 2