Spread the love

This article is written by Arava Monisha of 3rd semester of Damodaram Sanjivayya National Law University, Visakhapatnam, Andhra Pradesh, an intern under Legal Vidhiya.


The Privacy Policies of Social media platforms wield substantial influence over the digital landscape, affecting millions of users worldwide. This abstract delves into the intricate facets of these policies, which are often complex documents outlining the acquisition, utilization, and protection of user data. Social media platforms employ diverse methods to gather information, encompassing personal details, user-generated content, and automated data collection processes. The utilization of this data goes beyond personalizing user experiences, extending to targeted advertising and analytics. Robust security measures, including encryption and authentication, are implemented to secure user information against unauthorized access. This abstract deals with the key aspects such as the involvement of third parties, compliance with legal frameworks, and transparent communication about policy changes are pivotal. In the dynamic evolution of social media, ethical considerations surrounding user privacy take centre stage. It is imperative for users to comprehend and critically assess these policies to navigate the digital landscape with conscientious awareness. This abstract underscore the intricate interplay between user experience, data utilization, and privacy protection within the dynamic realm of social media.


Privacy, Policy, Social media, Influence, Digital landscape, Platform, Diverse, Communication, Ethical, Unauthorized, Protection.


Comprehending and scrutinizing social media privacy policies is indispensable in the contemporary digital era, providing users with the essential knowledge to navigate online environments responsibly. These policies act as informative tools, offering insights into the methods by which social media platforms collect, utilize, and safeguard users’ personal information. Going beyond mere consent, a familiarity with these policies empowers users to actively manage their online profiles, regulate the disclosure of personal data, and make choices aligned with their preferences. Moreover, it cultivates openness and trust between users and platforms, fostering a positive user-provider relationship. Concurrently, the evaluation of these policies allows users to confirm a platform’s commitment to data protection, adherence to legal regulations, and implementation of robust security measures. Given the dynamic nature of privacy policies, staying informed enables users to adapt to changes, ensuring ongoing awareness of data practices and the preservation of their rights within the digital sphere. Analysing the progression of these policies becomes essential for understanding the delicate equilibrium between tailored digital experiences and the preservation of individual privacy in the continually evolving landscape of social media.


Since the emergence of early social networking sites in the early 2000s, the realm of online social networking platforms has experienced tremendous growth, with major players like Facebook, Instagram, Twitter, and Snapchat dominating the landscape by the mid-2010s. The substantial increase in the availability and storage of personal information in the online sphere and cloud databases has elevated discussions on the secure handling of such sensitive data, placing user privacy at the forefront. Ethical considerations now revolve around the extent to which users and administrators of social media platforms can access user profiles, introducing new dimensions to the discourse. The legal implications, acknowledgement, and delineation of boundaries related to potential privacy violations are critical concerns in anticipation of the continued advancements in the technological age.[1]

Data Mining:

Data serves as the lifeblood for social media platforms, influencing a spectrum of activities such as tailoring services, delivering targeted advertisements, market analysis, and shaping business models. Your personal information, including your name, email addresses, date of birth, and location, is part of the data you provide to these platforms. However, equally valuable is the information that is  derived from your likes, dislikes, photos, and posts, forming a comprehensive profile. This type of data is a valuable asset for social media platforms. Once you consent to their Terms and Conditions, the data becomes their possession, affording them considerable flexibility in its usage. They have the authority to create detailed user profiles for targeted advertising, share data with partners, sell it to third parties, transfer it across borders with potentially less stringent privacy laws, and incorporate your photos or other data into their promotional campaigns.[2]


Hacking poses a significant threat to social media accounts due to various reasons. Hackers can exploit these platforms to:

  • Extract information from your social media profiles, employing it to breach your accounts. For instance, utilizing easily accessible details, such as posting pictures of your dog and employing its name as a password, is just one straightforward technique.
  • Develop a comprehensive understanding of your identity, enabling them to execute social engineering attacks like phishing or pretexting.
  • Disseminate malware and viruses via your accounts, leveraging the trust associated with messages from friends. Once infiltrated, hackers can send malware-hidden links to your contacts, a tactic more potent than email phishing, as people are inclined to trust messages from their social circle.
  • Utilize your personal information for impersonation or, in more severe cases, identity theft.[3]

Harassment, Cyberbullying, Stalking:

Harassment, cyberbullying, and impersonation are additional concerns within the realm of social media. Instances of cyberbullying or cyberstalking may not necessarily involve hackers; instead, individuals such as colleagues, classmates, or former partners can perpetrate these actions. For example, colleagues with ill intentions may send threatening messages, classmates could bombard your child with inappropriate comments, or an ex-partner might divulge private information online or compromise your account to send damaging messages to colleagues and friends, tarnishing your reputation. Such situations can turn into privacy nightmares, particularly if the malicious activities originate from your account. Clarifying that the actions were not your own can prove exceptionally challenging.[4]

False information:

The widespread use of social media has become a fertile ground for the dissemination of misinformation and propaganda. Trolls is one of the major issues among the individuals who are prominently active in the online sphere, purposefully incite unproductive discussions and manipulate the emotions of others. Therefore, it is essential to verify any information that raises suspicion on social media thoroughly. Refrain from sharing content unless you are certain of its authenticity.[5]

Social Media Phishing:

Social media phishing is a deceptive strategy where cybercriminals employ fraudulent methods to acquire sensitive information from individuals on social media platforms. This type of online fraud involves the creation of deceptive messages or websites that mimic authentic social media interfaces, aiming to deceive users into disclosing personal details like usernames, passwords, or financial information. Phishers use various tactics such as crafting fake login pages, enticing messages, or seemingly legitimate links that redirect users to malicious sites. Once attackers gain access to user credentials, they can compromise accounts, engage in identity theft, or carry out additional malicious activities. The threat of social media phishing underscores the need for users to remain vigilant and practice cautious online behaviour to avoid falling prey to these deceitful tactics, preserving both privacy and security.[6]

Complicated Privacy Configurations and Vulnerabilities:

Although platforms like Meta offer users control over their privacy, these settings can be intricate and perplexing. For instance, you may share a post with a select friend group, only to find that a member of that group has different settings, potentially making the same post visible to a broader audience. Furthermore, social media companies routinely update their privacy policies and technologies. An update might affect older posts that users believed were previously secure. Meta provides settings to restrict the visibility of past posts, but keeping abreast of these updates can be a challenging task.[7]

Preteens and young adolescents:

Among other age groups these sections of individualsemerge as particularly susceptible individuals to the risks associated with sharing private information. As an increasing number of young people join social media platforms, there is a prevalent belief that it’s permissible to share whatever comes to mind, often without recognizing the potential harm and the compromise to their privacy. Research indicates that many individuals in this age group view social media and social networking services as crucial for establishing relationships and friendships. However, this reliance on such platforms raises privacy concerns, including the potential for identity theft, unauthorized access to personal information, and the use of data by advertising entities. Preteens and adolescents freely share details on platforms like Facebook, Snapchat, Instagram, Twitter, Pinterest, and others by uploading photos and videos of themselves, often without fully grasping the implications of the privacy they are relinquishing.[8]

Sexual Predators:

Despite the commitment of major social networking sites to enhance safety measures, the abundance of personal information and the option to adopt a pseudo-identity have made these platforms increasingly popular for online sexual predators. The absence of robust age verification mechanisms poses a significant concern within these social networking platforms. Although some of these predators may have transitioned to utilizing services offered by Facebook, the number of sexual predators identified through social networking sites is on the rise, occurring nearly on a weekly basis. In the most severe cases, children have fallen victim to paedophiles or have been enticed to meet strangers. The anonymity afforded by cyberspace allows sexual predators to lurk and access victim profiles online, emphasizing the need for continued vigilance and safety measures in the digital realm.[9]


The Information Technology Act, 2000:

The safeguarding of the right to privacy on social media in India predates its formal recognition as a fundamental right. The Information Technology Act, 2000 stands as a comprehensive piece of legislation specifically addressing privacy aspects in the realm of cyberspace.

Section 43A of the I.T. Act imposes an obligation on a body corporate dealing with sensitive personal data or information in a computer resource to institute and uphold reasonable security practices and procedures. In cases where such practices are not implemented, resulting in wrongful loss or gain to any individual, the body corporate may be liable to pay damages to the affected party. This provision provides definitions for ‘body corporate’ and ‘reasonable security practices and procedures.

 Additionally, Section 69A of the I.T. Act grants authority to the Central Government to block public access to information through any computer resource based on specified grounds. This provision has been utilized by the government to prohibit various Chinese apps, including the social media platform TikTok, due to privacy concerns.[10]

The Information Technology (Reasonable security practices and sensitive personal data or Information) SPDI Rules, 2011:

Concerning the reasonable security practices and procedures mandated by the Information Technology Act, the reading of Section 43A must be complemented by the SPDI Rules of 2011, forming a detailed framework for the implementation of Section 43A.

These rules initially define the definitions of ‘personal information’ and ‘sensitive personal data or information.’ The obligations imposed on the body corporate include:

  • Offering a privacy policy outlining the handling of personal information, including sensitive personal information, to users. This policy must be published on the corporate website.
  • Securing user consent for the collection of sensitive personal information, ensuring clarity regarding the purpose of usage.
  • Obtaining explicit user consent before divulging any sensitive personal information to third parties.
  • Maintaining a documented policy that encompasses managerial, technical, operational, and physical security control measures aligned with the protected information assets and the nature of the business.

Thus, the SPDI Rules predominantly address privacy issues related to sensitive personal information, while similar protection is not explicitly extended to the personal information of the user.[11]

The Personal Data Protection Bill, 2019:

Considering the limited protection offered to privacy on social media by Section 43A of the I.T. Act, in conjunction with the SPDI Rules of 2011, and taking into account the Supreme Court’s judgment in the Puttaswamy case recognizing privacy as a fundamental right, the Personal Data Protection Bill, 2019 was ultimately formulated to establish a robust framework for privacy and data protection in India.

The bill provides definitions for key terms such as ‘personal data,’ ‘sensitive personal data,’ ‘data principal,’ ‘data fiduciary,’ and ‘consent.’

Addressing the gaps in the existing legal framework in India, the PDP Bill mandates the processing of personal data only for specific, clear, and lawful purposes. It emphasizes that the processing should be conducted fairly and reasonably to ensure the privacy of the data principal and strictly adhere to the consented purpose. Additionally, personal data should only be collected to the extent necessary for processing.

Regarding the consent of the data principal, the PDP Bill stipulates that consent must be obtained before processing personal data and should be specific to the intended purpose. Moreover, in the case of sensitive personal data, the bill requires obtaining separate consent for different categories of sensitive personal data, providing the data principal with the choice.[12]


In conclusion, the terrain of privacy regulations within the realm of social media is intricate and constantly changing, mirroring the dynamic nature of digital interactions. Despite the pivotal role social media platforms play in global connectivity, concerns surrounding privacy persist. The legal frameworks overseeing privacy matters on social media differ across regions, each adapting to the unique challenges posed by the digital era. As individuals continue to utilize social media for both personal and professional purposes, being cognizant of privacy settings, terms of service, and the legal context becomes paramount. Users need to remain well-informed, assert their rights, and actively participate in the ongoing dialogue about privacy in the digital age. Ultimately, striking a delicate equilibrium between innovation, global connectivity, and safeguarding individual privacy emerges as a critical challenge for the future trajectory of social media platforms.

[1]Wikipedia,https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services#Privacy_concerns (Accessed: 22 December 2023).

[2] NordVPN, https://nordvpn.com/blog/social-media-privacy-issues/ (Accessed: 22 December 2023). NordVPN, https://nordvpn.com/blog/social-media-privacy-issues/ (Accessed: 22 December 2023).

[3] NordVPN, https://nordvpn.com/blog/social-media-privacy-issues/ (Accessed: 22 December 2023).

[4] Ibid.

[5] NordVPN, https://nordvpn.com/blog/social-media-privacy-issues/ (Accessed: 22 December 2023).

[6] Terranova security, https://terranovasecurity.com/blog/data-privacy-social-media-protect-your-information/ (Accessed: 22 December 2023).

[7] Ibid.

[8]Wikipedia,https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services#Potential_dangers(Accessed: 22 December 2023).

[9] Ibid.

[10] Enhelion Blogs, https://enhelion.com/blogs/2022/03/11/right-to-privacy-and-its-significance-in-social-media/#_ftn8 (Accessed: 22 December 2023).

[11] Enhelion Blogs, https://enhelion.com/blogs/2022/03/11/right-to-privacy-and-its-significance-in-social-media/#_ftn8 (Accessed: 22 December 2023).

[12] Ibid.

Disclaimer: The materials provided herein are intended solely for informational purposes. Accessing or using the site or the materials does not establish an attorney-client relationship. The information presented on this site is not to be construed as legal or professional advice, and it should not be relied upon for such purposes or used as a substitute for advice from a licensed attorney in your state. Additionally, the viewpoint presented by the author is of a personal nature.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *