Privacy Policy of Social Media

Author: Ashish Kumar Karmakar, Dhubri Law College, Gauhati University

Online utilities under social media allow individuals to distribute and exchange digital content in forms such as texts and audio together with images and videos between users. The platforms enable users to establish connections with distant individuals and organizations through their interactive features that support various forms of communication. Matured technology provides users access to the diverse social media applications between social networking tools like Facebook, Twitter, Instagram and blog sites that post videos or texts in articles and micro blog services through Tumblr and video platforms including YouTube, TikTok and professional platforms like LinkedIn and indeed.

The method of reaching people and distributing data through social media platforms has gained remarkable strength in modern times. This modern tool has fundamentally altered social interaction between community members and changed both product marketing methods along with news reporting processes and customer conduct throughout all generations. Social media enables instant updates which make it an essential information source for crisis situations and social events and democratic movements.

The network has transformed into a platform where all users with access to the internet can generate content which shares personal viewpoints regarding their choices. Online influencers together with content creators have emerged along with social media consumers who now distribute information directly to big audience bases while bypassing traditional media control gateways. The platform's democratic features create problems regarding accurate information dissemination because misinformation spreads rapidly throughout these networks and users must monitor these practices.

Compliance with legal procedure is a prerequisite fundamental aspect which ensures privacy on social media platforms. Social media is a broad platform in which people can access from various nations with the intent of exploring various things by way of the internet. There always exists a risk of infringement of privacy policy which might lead to enormous damages as well as loss of reputation. It is mandatory to structure the precise legal obligations and regulations on privacy policy that the social media’s commitment to adhere to legal standards. To cope up with these unexpected happenings there are certain legal procedures that must be complied with best practices in social media platforms. There are some relevant laws which are aligned with privacy policy to assure the users of lawfully dealing with their personal information.  

1. GDPR (General Data Protection Regulation) (1): GDPR basically acts as the regulation for protection of data and privacy of the users which was established by the European Union in the year 2018. The language of the privacy policy shall be simple, clear and concise rather than technical jargons and complexities so that the users easily perceive how their data is to be utilised. GDPR compliance is mandatory for all kinds of organisations to collect, store and process the private or personal information and data of the users. It explicitly mentioned how the data shall be collected, used and protected for different occasions and it also ensures to get a clear consent or permission for utilising the data and information of the users. GDPR grants the users the right to access, modify, erase and restrict the processing of their personal information as well. Apart from these, there is a robust procedure of security measures for unauthorised access, alteration or deletion or destruction of the data of the users. It plays a prominent role towards protection of privacy policy for different kinds of infringement happening within social media platforms. The following are the necessities for GDPR compliance:

2. GDPR requires the organisations to appoint a Data Protection Officer to protect and mitigate the risk associated with the data of the users for compliance purposes. 

3. To identify and reduce the risk in connection with personal data processing, it is essential to conduct Data Protection Impact Assessment.

4. It is essential to respond within the particular timeline to access the personal data of the users.

There are certain effects of non-compliance with GDPR:

1. If the organisation does not comply with GDPR norms and policies shall impose a fine which might be up to 20 million euro or @4% of the international turnover, which is higher.

2. If the organisation omits to comply with GDPR, the consequence shall be severe such as tarnishing their reputation and can break the faith of the customers.

3. Non-compliance with GDPR may lead to various action taken against the organisation such as investigation, audits and can further ban on users personal data processing. 

2. Digital Personal Data Protection (DPDP) Act, 2023 (2): DPDP Act is a new law in India regarding data protection. This Act was passed in the Indian Parliament to regulate data and privacy related issues of the users. This data protection law specifically applies to Indian citizens to protect the data and it also applies to non citizens of India who reside in India for any activity that is in connection with goods and services, the data is to be preserved. This Act also defines the rights and obligations of the users that for which purpose the data is to be collected and the right to know the data is shared with  whom for which purpose, a detailed description has to be provided to the users. This Act also protects the data and information in social media platforms for individual privacy is of paramount importance. Consequences for non compliance with DPDP Act shall impose penalties up to Rs.150/- crore along with legal action shall be taken against the organisations or individuals responsible for infringement and also legal remedy have to be provided to the affected users in the form of compensation for misuse or breach of data and information.. 

3. Children’s Online Privacy Protection (COPP) Act (3): This Act was enacted in the year 1998 with a view to protect the privacy of children who are under the age of 13. This Act is intended to protect and secure the personal information and data of the children within the territory of the US. This is US federal law which governs data collection and disclosure of the information of young users in social media platforms. It requires parental consent for gathering information by any website's strict compliance under this Act. For non compliance under this Act shall impose huge penalties up to 41,484 US Dollar for any infringement of privacy of children.   

1. Facebook Ireland Ltd. –Vs- Maximillian Schrems (2020) (4), In this case Maximillian filed a suit with the help of the Irish Data Protection Commissioner in the year 2013. The contention of the petitioner Maximillian is that Facebook Ireland transfers his personal data from EU based server to US based server which is the infringement of EU Data Protection Laws. It was held that data transfer between EU and US was subjected to scrutiny and also ensured to provide safeguard to the citizens of the EU.

2.  Kharak Singh -Vs- State of UP (5) is an eminent PUCL case. In this case the court held that tapping someone's mobile phone is a breach of privacy. It is considered as an unlawful activity, hence punishment shall be given to the offender. In this case the court explains that even sharing contents or any information of any person in WhatsApp, Facebook, etc. without the consent of the content holder is an infringement of privacy policy as well.

3. Kamanya Singh -Vs- Union of India (6), the fact of the matter is Whatsapp is the parent company of facebook, so that data and personal information of users can be sent to the parent company without any restriction. This case is currently pending before Hon'ble Supreme Court of India that privacy comes under fundamental right of the citizens and it refers to the larger bench. 

4. Shreya Singhal -Vs- Union of India (7), it is one of the landmark cases regarding social media platforms. Shreya the petitioner, a law student challenged the constitutional validity under section 66A. The court held that section 66A is unconstitutional and found to be vague and also infringes the right to freedom of speech and expression under Article 19(1)(a) of the constitution of India. The court also held that social media platforms must have the obligation to govern online contents and to protect free speech of the citizens must not violate the fundamental rights.

Social media is a lucrative platform where people want to explore various things which may have serious issues associated with the event. For that it is essential to keep the personal data of the users safe. The online websites have various policies for their users to keep the data safe and protected. Privacy policy on social media must adhere to legal compliance to ensure the safeguard of private data and personal information of the users which shall not be disclosed in open public. For non-compliance, there are certain fines, penalties shall be imposed on the website and also it causes loss of reputation. Every website has committed towards safeguarding data and information of the users with utmost care and transparency. It is required to get clear and explicit consent of the user before data collection, store and processing can be done. The website allows the user to exercise their rights to modify or alter or delete and restrict the visibility of the personal data and information. Social media platforms must comply with GDPR, COPPA and DPDPA to keep the privacy of the users protected from any sorts of infringement. The significance of legal compliance is the fundamental aspects in social media platforms for safeguarding the personal data and protection from infringement of rights. 

1. General Data Protection Regulation (GDPR), Intersoft Consulting, https://gdpr-info.eu/.

2. Press Release: Ministry of Electronics & IT, Press Information Bureau (PIB), Jan. 5, 2025, 9:54 AM, https://pib.gov.in/PressReleasePage.aspx?PRID=2090271.

3. Children’s Online Privacy Protection Rule (COPPA), Federal Trade Commission (FTC), https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa.

4. Maximilian Schrems v. Facebook Ireland Ltd., Columbia Global Freedom of Expression, https://globalfreedomofexpression.columbia.edu/cases/maximilian-schrems-v-facebook-ireland-limited/.

5. Tarannum Vashisht, Media and the Right to Privacy: Incursion of Social Media, iPleaders (Nov. 28, 2020), https://blog.ipleaders.in/media-right-privacy-incursion-social-media/#Social_Media_and_Privacy_Related_Laws_In_India.