Role of Social Media in a Democracy

Social Media has for long been considered the fourth pillar of democracy owing to its potential to not just report what is happening around the world but to build a public opinion about the ongoing issues. The term ‘democracy’ implies the participation of people. Media facilitates this participation.

The emergence of social media, however, has changed the way in which people now participate in democracy. Compared to traditional media, social media has a larger reach, is easily accessible, enables mass participation and provides instant updates. These factors have led to a situation where people rely more on social media than their traditional counterparts, to become aware of their surroundings and participate in discussions- political, economic, or otherwise, which in turn strengthens democracy. However, social media does not have only positive implications on democracy. On the flip side of the coin, it has been misused a number of times, often becoming the antithesis of democracy. The following headings discuss the role played by social media in a democratic setup, both positive and negative.

Learn more about Social Media with Enhelion’s Law firm certified Online Course! 

Election Campaigning

Free and fair elections are undoubtedly one of the most important elements of modern democracy, and election campaigning forms very much a part of it. Political campaigning is not limited to physical rallies and posters. Social media has entered the realm of campaigning and is extensively being used by various political leaders as well as political parties to communicate their agendas to the general public. The ubiquitous nature of the Internet allows the leaders and political parties to simultaneously communicate with the voters across regions.

Social media is used for political campaigning through commercials, blogs, tweets etc. using social networking sites like WhatsApp, Facebook, Twitter, to announce a candidate running for the election, organize physical campaigning, recruit supporters and volunteers, seek funds, mobilize voters, share the party’s election manifesto and the candidate’s message to the general public, among other things.

The ex-President of the United States of America, Barack Obama, is famous for effectively harnessing the potential of social media as his campaign strategy in the 2008 Presidential Campaign. Since young voters rely more on social media compared to conventional media, social media was used to establish a contemporary voter-politician relationship between Barack Obama and the voters. Regular voting reminders were sent on Twitter, and Facebook was used as a platform to interact with people. As a result, President Obama maintained a significant lead in both Facebook likes and Twitter followers over his rival Governor Romney during his election campaign. The significant difference in the response on social media was translated into the historic win of Barack Obama as the first Africa-American President of the United States of America.[1]

Learn more about Social Media with Enhelion’s Law firm certified Online Course! 

The field of social media campaigning has not been left unexplored by Indian politicians and political parties. Launched in 2012, the Aam Aadmi Party (AAP) ran its political agenda through social media and emerged victorious in Delhi Assembly polls. AAP used social media platforms like Twitter, Facebook and YouTube to interact with voters, share their election manifesto and raise funds, thus, keeping the election expense within the limit. Indian media reported that Arvind Kejriwal, the founder of AAP had admitted to adopting the strategies used by Barack Obama in 2008.[2]

Furthermore, in the 2019 general elections in India, there were around 15 million voters who were aged between 18 to 19 years. In light of these statistics and the interest of youngsters in social media platforms, various political parties adopted full-fledged social media campaigns to communicate with the large audience of voters, which in turn helped the parties to save their money, time and resources. Social media political campaigning has benefits other than saving the time and resources of the political party. Politicians are able to gauge their communication by viewing direct responses to their social media campaigning on Facebook, Twitter or Instagram.

Learn more about Social Media with Enhelion’s Law firm certified Online Course! 

Taking into account the potential of social media campaigning in the 2019 elections, the Internet and Mobile Association of India (IAMAI), in consultation with the Election Commission of India (ECI) had developed a set of ‘Voluntary Code of Ethics’[3] to be adopted by various social media platforms to ensure free, fair and ethical use of social media in order to maintain the integrity of the electoral process. By virtue of this Code, the social media platforms were required to develop a notification mechanism for violations of section 126[4] of the Representation of Peoples Act, 1951.[5]

Although the potential of social media has been used to a great extent by various political parties for election campaigning, however, it is imperative to understand that social media platforms sometimes go overboard for political purposes. In the 2020 Presidential election in the United States, there were numerous reports of Facebook posting ads of Donald Trump, violating its own pre-election policies wherein it had announced that it would stop accepting new political ads after 27th October and would indefinitely ban all political ads after the polls close. However, on the first day of the moratorium, several ads appeared on the platform which was later taken down after being flagged.[6] Furthermore, social media political campaigning also has another drawback. After social media has been used for campaigning to the maximum extent possible, politicians use it as a one-way communication tool, rarely engaging in discussions with the citizens. This continues after they have been elected; they use social media to inform the people of their constituencies about different policies, rather than engaging in discussions with them.

Political Discussions

A healthy democratic setup gives utmost importance to public participation as the government is “of the people, for the people and by the people[7]. Public participation can best be achieved by expressing one’s political views and discussing them with others. Efficient democratic deliberation assumes citizens as equal participants where opposing points of view are not only accepted but encouraged, and the main goal is to achieve a rationally motivated consensus.

From the point of view of political involvement, social media has taken the power of political messaging from the mass media model and firmly placed it into the peer-to-peer, public dialogue. It provides an environment where the ‘aam aadmi’ of a country is able to freely express his political opinions and expectations, with the use of his phone/device. Earlier, only those individuals could be a part of political discussions who read newspapers, watched news channels or discussed politics at the nukkad of the village. However, the tech-savvy nature of social media campaigning effectively makes the youth a part of political discussion as well. They take time to analyse and discuss political issues. Such discussions also influence administrative decision making.

Learn more about Social Media with Enhelion’s Law firm certified Online Course! 

One of the examples of healthy political discussion is the 2015 #SOTU,[8] which enabled Twitter users to react to the topics covered by Barack Obama in the State of the Union address. There were around 2.6 million tweets in this context.

However, social media has the potential to be misused to manipulate individuals. It should always be kept in mind that “computer technologies should be used to serve the interests of the people and not corporate elites, to inform and enlighten individuals rather than to manipulate them, to articulate their own experiences and interests, and to promote democratic debate and diversity, allowing a full range of voices and ideas to become part of the cyberdemocracy of the future.”[9]

Cyber Governance

Social media also plays a vital role in cyber governance i.e. the use of information and communication technologies to support governance. Taking the example of India, various Ministries and the Ministers of the respective Ministries have their official social media handles which they use to perform their functions. These social media handles, on one hand, help the citizen to easily let the concerned Minister/Ministry know about the grievances faced by him, and on the other hand, help the concerned Minister/Ministry to respond and resolve the grievance raised.

The peculiar feature of cyber governance is the element of time and resources used to raise concerns. Earlier, citizens had to write formal letters to the concerned Minister/Ministry and wait for days for a response. This traditional system becomes futile if the situation requires urgent intervention. Therefore, social media has become a boon for cyber governance.

Learn more about Social Media with Enhelion’s Law firm certified Online Course! 

The micro-blogging site Twitter was extensively used by late Sushma Swaraj, ex-Minister of External Affairs, to resolve the issues faced by Indian citizens trapped abroad. She rescued 168 Indians trapped in Iraq by acting on a video that was tweeted to her, and helped a number of other individuals, Indians as well as foreigners, to return to their homeland.[10]

Facilitator of political change in Arab nations

Social media platforms have also been used to accelerate revolutions in many Arab countries.

During 2010-11, a number of campaigns of civil resistance and street demonstrations took place in Tunisia. These efforts led to the ousting of President Zine El Abidine Ben Ali. During this process, social media played a positive role by spreading awareness among people, helping people to organize themselves using Facebook and clearing the clouds of misinformation by sharing photos and videos.[11]

Social media also played a key role in ending the 30 years long misrule by President Hosni Mubarak of the National Democratic Party in Egypt. It all started with a photograph being posted on Facebook. The photograph depicted a young man named Khaled Mohamed Saeed who was brutally beaten to death by the Egyptian police. This prompted an agitated Ghomin to start a Facebook page named ‘Saeed’ to highlight the scenario in Egypt. The number of followers of this Facebook page increased from 300 to 25,000 in just three months. The online expression of distress of the regime of President Mubarak spread to the streets of Egypt wherein the historic Tahrir Square in Cairo was filled with protestors shouting ‘We are all Khaled Saeed’. As a result, President Mubarak was forced to resign and dissolve his party.[12]

2.6. As a tool of manipulation  

Social media has also been used to manipulate the political choices of voters. This has a detrimental effect on the democratic setup of a country, where manipulation does not find a place.

The 2016 United States Presidential election was at the central stage of the allegations of the use of social media to manipulate elections. Facebook admitted that Russian Groups Company bought $100,000 worth of ads with the purpose of spreading disinformation and propaganda.[13] Furthermore, Cambridge Analytica, a political consulting firm, found itself in deep trouble over the United States 2016 Presential Elections involving Presidential candidate Donald Trump. It was found that it used deceptive means to gain access to data of about 87 million Facebook users, without their consent or knowledge. It was alleged that the firm got hold of such data through researcher Aleksandr Kogan, a Russian American who worked at the University of Cambridge. He built a Facebook app, which was actually a personality quiz. Around 2,70,000 people were paid to take this quiz, under the shadow of research. However, the catch was that the quiz was designed to access the Facebook data of the people taking the quiz, as well as the data of the people who they are friends with. The data included personal information on where users lived and what pages they liked, which in turn helped Cambridge Analytica to build psychological profiles of the quiz takers that analysed characteristics and personality traits. This kind of information was later used to tailor political messaging for Donald Trump’s presidential campaign.[14]

The attempts of manipulation directly go against individual autonomy as well as privacy enjoyed by the individuals.

As a Tool of Repression

Social media has been used to propagate one’s ideas and opinions. However, this platform has also been used by different organizations to propagate communal, racist and sociological tensions. Taking into account the possibility of exploitation of social media by such organizations, the Information Technology Act, 2000 contains a provision[15] which allows the Central Government to block public access to information on social media, on certain grounds namely in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above. These grounds are identical to the grounds mentioned under Article 19(2), based on which freedom of speech and expression can be curtailed by the government.

Learn more about Social Media with Enhelion’s Law firm certified Online Course! 

Since the power to block public access to information on the Internet and social media sites violate the freedom of speech and expression enjoyed by the citizens of India, such power should be used cautiously by the government. However, in recent times, the Central Government has overused this power to suppress genuine political discussion on social media. Some examples include the government’s order to Twitter to block certain tweets and accounts pertaining to farmer’s protests, anti-CAA protests as well as those criticizing the handling of the COVID-19 pandemic by the government[16]. These blocking orders highlight the misuse of power by the Government to curb political criticism, which is detrimental for the largest democracy in the world.


The advent of social media has taken democracy a step further by firstly, facilitating public discussions on important issues, whether political, religious, social or economic, secondly, providing a greater reach to election campaigning with minimal time and resources, thirdly, ensuring that the grievances of individuals reach the concerned authorities in time, and lastly, facilitating and accelerating political revolutions in countries. However, the use of social media in democracy has a flip side as well, which is highlighted by its use in manipulating the opinions of individuals and suppressing the voices of people raising genuine concerns on the social media platforms.

Therefore, though social media has vast potential to uphold and propagate democratic principles, however, it should only be used in a bona fide manner to further lawful political interests. Furthermore, social media, in absence of a privacy and data protection regime in a country, is highly susceptible to exploitation by organizations who manipulate the psychology of individuals by using the data of social media users, without their consent, or even knowledge.

Learn more about Social Media with Enhelion’s Law firm certified Online Course! 

[1] Jennifer Aaker & Victoria Chang, Obama and the Power of Social Media and Technology, STANFORD BUSINESS (Feb. 28, 2021, 9:20 PM),

[2] Sevathi Ninan, Learning media strategy from AAP, LIVE MINT (Apr. 28, 2021, 9:30 PM),

[3]PIB,,bye%20elections%20being%20held%20simultaneously (last visited Apr. 26, 2021).

[4] Prohibition of public meetings during period of forty-eight hours ending with hour fixed for conclusion of poll.

[5] Jinala Sanghvi, Role of social media in Indian politics, LEGAL DESIRE (Apr. 28, 2021, 9:36 PM),

[6] Abhishek Singh, Democracy in times of social media, THE INDIAN EXPRESS (Apr. 25, 2021, 3:43 PM),

[7] Richard A. Epstein, Direct Democracy: Government of the people, by the people, and for the people, 34 HARVARD LAW JOURNAL AND PUBLIC POLICY 819, (2011),

[8] TWITTER,, (last visited Apr. 26, 2021).

[9] Fenton & Barassi, Alternative media and social networking sites: The politics of individuation and political participation, 14(3) THE COMMUNICATION REVIEW 179-196, (2011).

[10] Ten times when Sushma Swaraj won the internet with her Twitter outreach as Foreign Minister, LIVE MINT (Apr. 29, 2021, 2:20 PM),

[11] How Social Media Accelerated Tunisia’s Revolution: An Inside View, HUFFPOST (Apr. 28, 2021, 2:10 PM),

[12] Serajul I. Bhuiyan, Social media and its effectiveness in the political reform movement in Egypt, 1(1) MIDDLE EAST MEDIA EDUCATOR 14, (2011),

[13] Scott Shane & Vindu Goel, Fake Russian Facebook accounts bought $100,000 in Political ads’ THE NY TIMES (Apr. 27, 2021, 9:30 PM),

[14] Nicolas Confessore, Cambridge Analytica and Facebook: The scandal and the fallout so far, THE NY TIMES (Apr. 27, 2021, 9:36 PM),

[15] The Information Technology Act, 2000, s. 69A.

[16] Pranav dixit, Twitter is blocking tweets that criticize how the Indian government has handled the pandemic, BUZZFEED NEWS (May 5, 2021, 11:13 AM),


The interplay between cyber forensics and threat to cyber security in digital spaces like Clouds

More and more businesses organizations are becoming dependent on technology, and most of the data and information is being stored online. The development of storage technologies and computing resources, which are reasonably priced, provide more storage on demand, and are ubiquitously located, became inevitable. Cloud computing is the product of such technological development. In simple terms, cloud computing services provide resources (like a computer, storage, network, etc.) to organizations on a lease and on-demand basis. It helps various organizations to increase affordability and availability. Owing to the potential cloud computing services hold, various enterprises- large, medium and small, as well as individuals, have stepped up and made use of these services to the maximum extent possible. [1] However, increased reliance on the Internet also has a dark side, i.e. cyber security concerns.

Cloud computing services are peculiar in the following ways-

  1. It provides on-demand self-service, i.e. users can avail and manage the resources automatically;
  2. It provides ubiquitous network access, which helps in delivering the resources to heterogeneous users located in different parts of the world;
  3. It provides the option to scale up and down the resources based on the user’s needs. This feature had proved to be very helpful in times of COVID-19 when on the one hand, few users scaled up the resources owing to the increased dependence on technology and work from home measures, and on the other hand, few others (primarily small entities) scaled down the resources because of lack of financial capability to afford the same;
  4. It provides a pay-as-you-go service, i.e. the users spend based on consumption. 

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

There is no doubt that cloud computing will enable further technological changes in the future. However, increased reliance on the Internet also has a dark side, i.e. cyber security concerns. Cloud computing has various issues, like privacy and security concerns. Since most of the data is stored in the cloud, any breach into the network implies firstly, breach of cyber security measures and secondly, jeopardizing the privacy of the individuals whose data is stored. Data breaches resulting from cloud misconfiguration led to a loss of nearly $3.18 trillion to businesses in 2019. [2] Furthermore, increased reliance on technology and cloud services during the COVID-19 pandemic also increased reliance on technology and cloud services has privacy and security implications attached to it. 

Cloud computing services are also often victims of malware infections. Distributed Denial of Service (DDoS) attack is the most common threat wherein a large volume of traffic is sent to a web-based application, leading to the crashing of servers. Botnets are also emerging as one of the most severe threats to cloud security as they provide a distributed platform for major illegal activities in the cloud.

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

Insecure Application user interfaces (APIs) also pose a cybersecurity challenge. APIs are the primary tools that enable interaction with cloud storage systems. Generally, they are used by the staff of an entity that uses cloud services and the staff of the cloud service provider. It is pertinent to note that many APIs are still vulnerable, which gives the cloud service provider an undue level of access to the data. For example, in March 2021, we found that Facebook stored the passwords of its users in plain text instead of encrypted text, which could be read by any staff within the organization. [3]

Cyber forensic tools can be used to address the challenge of cyber security posed by the use of cloud computing services. Cyber forensics help identify the offender, procure the required evidence and prosecute him. However, the use of cyber forensics in cloud computing services per se poses several challenges[4] owing to the nature of these services. 

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

Firstly, traditional cyber forensics methodology requires turning off the device and making an image of the hard drives. However, this methodology is not a viable option in the present time as entities are entirely dependent on cloud computing services, which act as their servers. Since cloud computing is not something that can be turned off by switching off the device, the traditional cyber forensics methodology becomes futile in the case of cloud computing. 

Secondly, cyber forensics uses the provenance technique to trace life changes and data transformation. However, such technology becomes futile in cloud computing, where the infrastructure is very complex to trace the originator of the data, the person who modified it and when it was modified. 

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

Thirdly, since the ‘cloud’ in ‘cloud computing’ signifies cyberspace, it is believed that the data in the cloud is stored in cyberspace. However, the providers of cloud computing services locate their services in various physical locations. Therefore, to procure electronic evidence, it becomes challenging to access such data due to its geographic distribution and the subsequent necessity of complying with the legal requirement of such jurisdictions. 

Fourthly, specific file systems used in the cloud could be redesigned, customized or specifically created to cater to the users’ needs. Traditional cyber forensics methodologies fail to retrieve data from such files as their structure is unknown to anyone other than the cloud computing providers. 

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

Lastly, since cloud computing services hold an enormous amount of data, it becomes difficult to retrieve a particular data without carrying out a mass data analysis using data mining technology. Such technology is not a part of the traditional cyber forensics methodologies. 

Therefore, the architecture and model of cloud computing makes it more complex to retrieve evidence using traditional cyber forensic tools. In such a situation, the development of newer devices to cater to the specific challenges posed by cloud computing becomes a necessity. 

  [1] Julian Jang, Surya Nepal & Y Jay Guo, Cybersecurity threats in cloud computing, 1(1) Australian Journal of Telecommunications and the Digital Economy 4.2., (2013). 

[2] Hashedout, (last visited May 8, 2021). 

[3] the Tech Republic, (last visited May 8, 2021).

[4] Pedro Ramos Brandao, Computer forensics in Cloud Computing Systems, 1(1) BirEx 71, (2019). 


Laws governing the Telecommunications sector in the United Kingdom

The current legal regime governing the telecommunications sector in the United Kingdom (UK) comprises primarily of two laws:

  1. The Communication Act of 2003[1], and
  2. The Wireless Telegraphy Act of 2006[2]

Before the 2003 Act was enacted, the Director-General of Telecommunication (DGT) was established as the independent regulatory authority under the Telecommunication Act, 1984. However, the 2003 Act replaced the 1984 Act to give effect to the Framework Directive (2002/21/EC)[3], which resulted in the setting up of the Office of Communications (Ofcom) as a new regulator of communications under the 2003 Act. The Digital Economy Act, 2017 prescribes that Ofcom is to be entirely funded through industry fees.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Ofcom is responsible for the regulation of all electronic communication networks and services and for licensing of broadcasting services as well as promoting fair competition across the industry, in collaboration with the Competition and Markets Authority (CMA), by enforcing the competition laws.

The main idea behind the new regime of the 2003 Act was to reduce the regulatory burden on the communications providers (referred to as providers hereafter)[4]. This approach was implemented employing general conditions and certain special conditions (if applicable), which the providers must comply with. General requirements apply to all providers, while special conditions apply to certain providers in certain situations. It is pertinent to note that there is no need for general authorization or licensing to provide electronic communications networks and services in the UK. Providers are merely required to comply with the General Conditions of Entitlement[5]. The general conditions were recently revised in 2018. Furthermore, Ofcom has the power to set specific requirements relating to universal service, access (network access and service interoperability), privileged operators (public communications providers) and significant market power (SMP- having dominance either alone or collectively with others in relevant markets). [6] Ofcom can impose financial and other penalties on failure to comply with specific conditions[7].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Concerning radio and mobile communications in the UK, service and network providers must receive a license from Ofcom under the Wireless Telegraphy Act, 2006 (WTA). The permit contains details relating to the specific frequency, use, fees and duration of the license. Ofcom is also empowered under the WTA to prescribe ‘Administered Incentive Pricing’, which allows setting fees above the administrative costs to encourage efficient spectrum use.

After UK’s exit from the EU, certain amendments were required to be made to the existing laws. These changes were incorporated through various Regulations in 2019[8], and now, the UK is no longer necessary to comply with any EU Directive or Regulation of the telecommunications sector.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

[1] Communication Act, 2003.

[2] Wireless Telegraphy Act, 2006.

[3] To give effect to Directive 2002/21/EC, Directive 2002/20/EC, Directive 2002/ 19/EC and Directive 2002/22/EC.

[4] The general authorization regime under the Act does not distinguish between fixed, mobile and satellite networks and services.

[5] OFCOM, Original Notification setting general conditions under section 45 of the Communications Act

2003, Jul. 22, 2003,

[6] Supra note 57, § 45.

[7] Supra note 57, § 96A-104.

[8] Electronic Communications and Wireless Telegraphy (Amendment etc.) (EU Exit) Regulations 2019 and the Broadcasting (Amendment) (EU Exit) Regulations 2019.



Right to Privacy and its Significance in Social Media

Life and personal liberty can be considered as inalienable rights which an individual enjoys by virtue of being a human. These rights are inseparable from a dignified human existence.[1] According to J S Mill, “privacy is an aspect of liberty grounded on the permanent interests of man as a progressive human being”.[2] It exists in every human being, irrespective of socio-economic status, gender or orientation.

Until a few years ago, there was a lack of clarity with respect to the scope of the right to privacy under the Indian Constitution. However, in 2017, the nine-judge bench of the Supreme Court in Justice K.S. Puttaswamy v. Union of India[3] held that privacy is a fundamental right, as part of the right to life and personal liberty under Article 21. However, it cannot be considered as an absolute right and is subject to invasion by state, only if such an invasion is based on “legality, need and proportionality for safeguarding this cherished right”[4].

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

It is pertinent to note that privacy should not only be protected in the physical world but in cyberspace as well. The use of the Internet and social media has become very common in India owing to the availability of smart devices, lower internet tariffs and global connectivity.

The social media platforms, on one hand, provide an effective platform to freely express oneself to a large audience, and on the other hand, risk the exposure of certain sensitive personal data of the users. In certain situations, the user is aware of the information being collected by the social media networking sites, however, there might also be instances where the user is completely unaware of the information trail he is leaving online, over which he has no control. Such information can be used by potential offenders to commit physical crimes. For example, in 2016, a group of thieves pretended to be Police officials, entered a hotel in Paris where Kim Kardashian,[5] an American model, was staying for the time being and robbed her at gunpoint. It was later found out that the thieves were following Kim’s Instagram posts where she uploaded pictures wearing costly jewellery and tracked down Kim’s location using her Instagram. This instance shows how potential cybercrime offenders can exploit social media platforms to commit conventional crimes. This example was just one of many instances where information either provided or retained by the social media sites could be made use of for purposes unknown to the user, thus violating the user’s privacy. Therefore, just like any other aspect of life, privacy is an indispensable part of social media life as well.

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

The existing and emerging legal framework governing the right to privacy vis-à-vis social media in India

  • The Information Technology Act, 2000 (I.T. Act)[6]

The right to privacy in social media has been protected in India even before privacy was even recognized as a fundamental right. The Information Technology Act, 2000 is considered comprehensive legislation dealing exclusively with the aspects of privacy in the realm of cyberspace.

Section 43A of the I.T. Act obligates a body corporate that possesses, deals or handles any sensitive personal data or information in a computer resource, to implement and maintain reasonable security practices and procedures. If the body corporate fails to do so, and as a result, there is a wrongful loss or wrongful gain to any person, such body corporate can be made to pay damages to the affected person.[7] The provision further defines ‘body corporate’[8] and ‘reasonable security practices and procedures[9].

Furthermore, the I.T. Act, under Section 69A, authorizes the Central Government to block public access to any information through any computer resource under certain grounds[10]. This provision has been relied on by the Government to ban various Chinese apps, including the social media site TikTok, over privacy concerns.[11]

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

  • The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) [SPDI] Rules, 2011[12]

With respect to the reasonable security practices and procedures which the body corporate is required to implement under the I.T. Act, section 43A has to be read with the SPDI Rules of 2011. These rules provide a detailed framework for the implementation of section 43A.

The Rules firstly define ‘personal information[13] and ‘sensitive personal data or information.[14] It obligates the body corporate to-

  1. Provide a privacy policy for handling personal information, including sensitive personal information, to the users[15]. The same has to be published on the website of the body corporate[16];
  2. Obtain the consent of the user providing sensitive personal information, regarding the purpose of usage, before collecting such information[17];
  • Take prior consent of the user before disclosing any sensitive personal information of the user to a third party[18];
  1. Have a documented policy containing managerial, technical, operational and physical security control measures that are proportional to the information assets being protected with the nature of business.[19]

Therefore, it is evident that the SDPI Rules primarily cover privacy concerns over sensitive personal information. However, such protection has not been provided to the personal information of the user.

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

  • The Personal Data Protection Bill, 2019[20] (PDP Bill)

Taking into account the limited protection provided to privacy on social media by section 43A of the I.T. Act read with the SDPI Rules of 2011, and the judgement of the Apex Court in the Puttaswamy case[21] recognizing privacy as a fundamental right, the Personal Data Protection Bill, 2019 was finally drafted to provide a robust framework on privacy and data protection in India.

The Bill defines ‘personal data’[22], ‘sensitive personal data[23], ‘data principal’[24], ‘data fiduciary’[25] and ‘consent’[26].

By dealing with the loopholes of the existing legal framework in India, the PDP Bill obligates the processing of ‘personal data of an individual only for specific, clear and lawful purposes [27]. It further provides that processing of personal data should be carried out in a fair and reasonable manner to ensure the privacy of data principal and for the purpose consented to[28]. Furthermore, personal data should be collected only to the extent necessary for the purpose of processing.[29]

With respect to the consent of data principal, consent should be obtained prior to processing of personal data[30] and should be specific vis-à-vis the purpose of processing[31]. Furthermore, with respect to consent for the processing of sensitive personal data, it should be obtained after giving the choice to the data principal to separately consent for purposes of the use of different categories of sensitive personal data[32].

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

The PDP Bill has not yet become law and is currently referred to the Standing Committee[33].

  • The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021[34]

The Government of India notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which replaced the Information Technology (Intermediaries Guidelines) Rules, 2011.

Under the Rules, the intermediary is required to publish its privacy policy on its website[35]. Further, the intermediary is required to periodically inform its users that in case of non-compliance with privacy policy, it has the right to terminate the account of such users [36]. However, the Rules do not talk about the elements and aspects of the privacy policy, leaving it to the whims and fancies of the intermediaries in the absence of a privacy and data protection framework in India. Furthermore, the provision of traceability of originator of information[37] under Rule 5(2) has the implication of violating the privacy of the users as for tracking the first originator of a message/information, the intermediary should have access to the metadata of the entire chain of the conversation. Therefore, in order to comply with the traceability requirement, the significant social media intermediaries will have to break end-to-end encryption, thereby compromising the privacy of communication.

WhatsApp privacy policy issue

The current privacy policy change by WhatsApp is undoubtedly the best example to illustrate the concern of the right to privacy on social media. Before understanding the implications of policy change in 2021, let us first understand the policy change in 2016.

WhatsApp was launched in 2010 and was bought by Facebook in 2014. Facebook affirmed that it would not change the privacy policy of WhatsApp. However, in 2016, WhatsApp announced a change in its privacy policy to be effective from the 25th of September 2016. The new policy sought to collect information like phone numbers, names, device information etc. of every WhatsApp account, and share the same with the parent company, Facebook. As a result, a petition was filed in the Delhi High Court challenging the change of the policy. In Karmanya Singh v. Union of India,[38] the Delhi High Court rejected the petition but directed WhatsApp to delete the data collected till 25th September 2016 from its servers. The information shared post-25th September was allowed to be shared according to the new policy. Aggrieved by the decision, the petitioners appealed to the Supreme Court, where this case is presently pending.[39]

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

In January 2021, WhatsApp came up with a new privacy policy that basically does not touch upon the end-to-end encryption feature, however, WhatsApp can now share user metadata with its parent company and its subsidiaries[40]. WhatsApp gave two options to its users- either accept the policy and continue using the platform, or the WhatsApp account will be eventually deleted. Therefore, in essence, an opt-out option for the new policy change was not provided to the users.

Taking these developments into account, an application[41] was filed in the Apex Court challenging the new privacy policy. The application claimed that WhatsApp was offering lower privacy protection in India as compared to Europe[42]. The primary issue in the case is whether the ‘opt-out’ provision simply opts out of the application in totality i.e. whether WhatsApp is obligated to provide a specific option of ‘Not sharing data with Facebook. The case is currently pending in the Supreme Court.

It is pertinent to note that WhatsApp was able to come up with a privacy policy of ‘take it or exit it’ because of the lack of privacy and data protection framework in India. In such a situation, users have to rely on the privacy policies of the company as the I.T. Act read with SDPI rules provide very limited protection in this regard. If the PDP Bill had become law, WhatsApp would never be able to come up with a policy like this as the provisions of the Bill ensure that information is collected only for a specific purpose for which consent of data principal is explicitly taken and that the data fiduciary takes consent for processing sensitive personal data separately for each different purpose[43]. This provision would have prevented WhatsApp from taking consent for both purposes (for a chat with friends and family and chat with businesses) together, as messages with business entities could reveal sensitive personal data like health information, sexual orientation, etc. However, the scope of Clause 11(3)(c) should be expanded to include ‘personal data’ rather than ‘sensitive personal data of the data principal, just like Article 7(2) of the GDPR.

Learn more about Constitutional Law with Enhelion’s Online Law firm certified Course! 

[1] Opinion of Justice D Y Chandrachud in Justice K S Puttaswamy v. Union of India, (2017) 10 SCC 1.

[2] Jack Stillinger, Introduction in John Stuart Mill Auto biography, OXFORD UNIVERSITY PRESS, 7 (1971).

[3] Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.

[4] Id, part T(3)(H).

[5] VANITY FAIR, (last visited Apr. 26, 2021).

[6] The Information Technology Act, 2000, No. 21, Act of Parliament, 2000.

[7] Id., § 43A.

[8] Id., explanation (i).

[9] Supra note 7, explanation (ii).

[10] If such information is prejudicial to the sovereignty and integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or incites the commission of any cognizable offence relating to above.

[11] BBC, (last visited Apr. 26, 2021).

[12] The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

[13] Id., Rule 2(1)(i).

[14] Supra note 12, rule 3.

[15] Supra note 12, rule 4.

[16] Id.

[17] Supra note 12, rule 5.

[18] Supra note 12, rule 6

[19] Supra note 12, rule 8.

[20] The Personal Data Protection Bill, 2019.

[21] Supra note 3.

[22] Supra note 20, cl. 3(28).

[23] Supra note 20, cl. 3(36).

[24] Supra note 20, cl. 3(14).

[25] Supra note 20, cl. 3(13).

[26] Supra note 20, cl. 3(10).

[27] Supra note 20, cl. 4.

[28] Supra note 20, cl. 5.

[29] Supra note 20, cl. 6.

[30] Supra note 20, cl. 11(1).

[31] Supra note 20, cl. 11(2)(c).

[32] Supra note 20, cl. 11(3)(c).

[33] PRS INDIA, (last visited Feb. 26, 2021).

[34] The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

[35] Id., rule 4(1)(a).

[36] Supra note 34, rule 4(1)(c).

[37] Supra note 34, rule 5(2).

[38] Karmanya Singh v. Union of India, 233 (2016) DLT 436.

[39] SC OBSERVER, (last visited Apr. 26, 2021).

[40] The latest clarifications from WhatsApp drew a differentiation between “messages with friends or family” and “messages with a business”. It claims that the new privacy policy pertains to the latter alone and the former remains unchanged. WhatsApp has clarified that some “large businesses might need to use secure hosting services from Facebook to manage WhatsApp chats with their customers, answer questions, and send helpful information like purchase receipts”.

[41] Supra note 38.

[42] In Europe, by virtue of General Data protection Regulation, though WhatsApp privacy policy talks about data sharing with Facebook, however, the users can rectify, update or erase information that the platform controls.

[43] Supra note 20, cl. 11(3)(c).