This article is written by Henna Shah student of KES’ Shri Jayantilal H. Patel Law College, Mumbai.
The law of contract has its application in everyday life. Many times complex and vexed questions of law arise out of contracts entered into by the parties. A trend towards digitalization has led to an increase in e-commerce and e-transactions which adds to such complexities.
With a commendable growth in information technology the world is a click away. It is now easy to communicate with family and friends who are miles away through various social media platforms on acceptance of certain terms of service.
It’s tempting to skip the Terms of Service and Privacy Policy of online platforms, but it is important to establish what is expected from the user and what the user expects from the service provider. The terms of service reflect the business practice of the service provider, the laws applicable to the company, grant of licenses, warranties and liabilities, waiver of certain rights, indemnity, right of assignment, the mode of settlement of disputes, jurisdiction, etc.
The privacy policy helps the user to understand what information is collected and why is it collected by the service provider; the access, use and transfer of such information by the service provider, its affiliates and third-party partners; steps taken to protect the user’s information by the service provider; etc. In a nutshell, the Terms of Service and the Privacy Policy define the relationship of the user and the service provider intending to create a legally binding contract by using the personal data of the user as consideration to enable him/her to use the services without any fee.
Generally, personal data collected by online platforms includes information like name, email address, phone number, date of birth, gender, location, contacts in the address book, call logs, conversations, media and files, sexual preferences, financial transactions, likeness and voice conveyed by the user while availing the services. Further, online platforms and its partners by processing this valuable personal data hold the capacity to manipulate and trace the movements, choices and preference of the user.
In Justice K.S. Puttaswamy (Retd.) vs Union of India1, the Apex Court made the following observations:
“Ours is an age of information. Information is knowledge. The old adage that “knowledge is power” has stark implications for the position of the individual where data is ubiquitous, an all encompassing presence. Technology has made life fundamentally interconnected. The internet has become all pervasive as individuals spend more and more time online each day of their lives.
Individuals connect with others and use the internet as a means of communication. …Every transaction of an individual user and every site she visits leaves electronic tracks generally without her knowledge. These electronic tracks contain powerful means of information which provide knowledge of the sort of person that the user is and her interests.
Individually, these information silos may seem inconsequential. In aggregation, they disclose the nature of the personality: food habits, language, health, hobbies, sexual preferences, friendships, way of dress and political affiliation. In aggregation, information provides a picture of the being: of things which matter and those that don’t, of things to be disclosed and those best hidden.”2
“Popular websites install cookie files by the user’s browser. Cookies can tag browsers for unique indentified numbers, which allow them to recognise rapid users and secure information about online behaviour. Information, especially the browsing history of a user is utilised to create user profiles. The use of algorithms allows the creation of profiles about internet users. Automated content analysis of e-mails allows for reading of user e-mails.
An e-mail can be analysed to deduce user interests and to target suitable advertisements to a user on the site of the window. The books which an individual purchases on-line provide footprints for targeted advertising of the same genre. Whether an airline ticket has been purchased on economy or business class, provides vital information about employment profile or spending capacity.
Taxi rides booked on-line to shopping malls provide a profile of customer preferences. A woman who purchases pregnancy related medicines on-line would be in line to receive advertisements for baby products. Lives are put to electronic scrutiny.”3
“…The advancement in technology has created not just new forms of data, but also new methods of analysing the data and has led to the discovery of new uses for data. The algorithms are more effective and the computational power has magnified exponentially. …There may be cases where collection and processing of big data is legitimate and proportionate, despite being invasive of privacy otherwise.”4
In addition to the observations above, the nine judge bench in Justice K.S. Puttaswamy (Retd.) (supra), held that privacy is not just a common law right, but a fundamental right falling in Part III of the Constitution of India. Invasions of data privacy are difficult to detect because they can be invisible.
Its ability to travel at the speed of light enhances the invisibility of access to data; information collection can be the swiftest theft of all. The dangers to privacy in an age of information can originate not only from the State but from the non-State actors as well. In light of the above, the Hon’ble Bench directed the Union Government to examine and enact a robust data protection regime.
It is against this background, the privacy of an individual remains a serious concern in the digital era. The Personal Data Protection Bill, 2019 was introduced in Lok Sabha on 11th December 2019 by Mr Ravi Shankar Prasad, Minister of Electronics and Information Technology. The Bill, inter alia, seeks to provide protection of personal data of individuals, establishment of Data Protection Authority and penalizes re-identification and processing of de-identified personal data5. However, the Bill may undergo various changes before becoming a law.
Contracts posses the ability to accommodate multiple consents for services rendered in the disguise of performance obligations. In the words of Justice S.K. Kaul, “…technology has made it possible to enter a citizen’s house without knocking his/her door and this is equally possible by both the State and non-State actors. It is an individual’s choice as to who enters his house, how he lives and in what relationship.
The privacy of home must protect the family, marriage, procreation and sexual orientation which are all important aspects of his dignity. If an individual permits someone to enter the house it does not mean that others can enter the house. The only check and balance is that it should not harm the other individual or affect his or her rights.”6 Thus, one must remain vigilant while accepting the terms of service and share minimum personal data to avoid future mishaps.
Footnotes
- AIR 2017 SC 4161
- Ibid, at pages 4307, 4308 (para 170)
- Ibid, at page 4308 (para 171)
- Ibid, at page 4402 (para 433)
- https://www.prsindia.org/billtrack/personal-data-protection-bill-2019
- AIR SC 2017 4161, ibid, at page 4414 (paras 493 and 494)
0 Comments