Legal actions against websites like Face book, Twitter, and Google etc. for breach of your privacy

Legal actions against websites like Face book, Twitter, and Google etc. for breach of your privacy


“With great power comes great responsibility.” This is especially pertinent in today’s world, where a click of a button can very well change the course of someone’s life. Given that more than 2.5 quintillion bytes of data are consumed every day in the form of emails, videos, images, tweets, and content, the risk of privacy breaches has understandably increased at an alarming rate. it is of the utmost importance to ensure that any information collected by the government is protected and a strict process to protect any infringement of privacy of its citizens is implemented. Also, it is necessary to codify the process of sharing such information between government departments to check any abuse of power.

The Supreme Court of India has reportedly issued notices to Google and Twitter, in reference to the public interest litigation petition filed against the Internet behemoths over data privacy concerns. The petition, according to sources, has raised concerns about the lack of control over data sharing with cross-border corporate entities, which could potentially be a violation of the Indian citizens’ right to privacy. Data privacy is increasingly becoming an area of concern in the country, with giants like Facebook, WhatsApp, and Google India also being inspected for allegedly sharing user data with third-party entities.


The term “Privacy” hasn’t directly mentioned under the Indian law. However, the Supreme Court backed the “Right to Privacy” in the case of Justice K.S. Puttaswamy v. Union of India, where the Hon’ble Supreme court holds that the right to privacy is protected as a fundamental constitutional right under Articles 14, 19 and 21 of the Constitution of India.

The whole concept of privacy under Indian law has two aspects which are: Personal Information and Sensitive Personal Information. As per the provisions of the Information Technology (Reasonable Security and Procedures and Sensitive Personal Data) Rules, 2011 it defines both term which are as, “Personal Information” which means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person whereas, Sensitive personal data or information of a person means such personal information which consists of information relating to; passwords, financial information such as Bank account or credit card or debit card or other payment instrument details; biometric information; any detail relating to the above clauses as provided to body corporate for providing service; and any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.





Everyone leaves a data trail behind on the internet. Every time someone creates a new social media account, they provide personal information that can include their name, birthdate, geographic location, and personal interests. In addition, companies collect data on user behaviors: when, where, and how users interact with their platform. All of this data is stored and leveraged by companies to better target advertising to their users. Sometimes, companies share users’ data with third-party entities, often without users’ knowledge or consent.


Malware (malicious software) is designed to gain access to computers and the data they contain. Once malware has infiltrated a user’s computer, it can be used to steal sensitive information (spyware), extort money, or profit from forced advertising (adware). Social media platforms are an ideal delivery system for malware distributors. Once an account has been compromised, cybercriminals can take over that account to distribute malware to all of the user’s friends or contacts.


Phishing is one of the most common ways criminals attempt to gain access to sensitive personal information. Often in the form of an email, a text message, or a phone call, a phishing attack presents itself as a message from a legitimate organization. These messages trick people into sharing sensitive data, including passwords, banking information, or credit card details. Phishing attacks often pose as social media platforms.




The Supreme Court has recognised the right to privacy under Art. 21 of the Constitution through an expansive interpretation of ‘personal liberty’. This right, however, is not absolute.56 The Supreme Court has held that privacy is not violated if it is intruded by a fair, just and reasonable procedure, established under law. 57 Furthermore, the Court considers other countervailing rights and interests while deciding on the issue of privacy.


The newly added Section 72-A punishes the disclosure of information in breach of a lawful contract with imprisonment or fine. This section is applicable only in the situation where any person or an intermediary himself has access to the data of their clients without the consent of the concerned person.

As per section 3(2)(a) of the Information Technology (Intermediary Guidelines) Rules, 2011, it states that: “Such rules and regulations, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that  (a) belongs to another person and to which the user does not have any right to.” By incorporating this provision of law, the act puts a duty on an intermediary to inform the users of computer resource not to share any information which belongs to another person and to which the user of computer resource doesn’t have any right to such information.


An aggrieved person may also bring legal action against an intermediary under section 405 of the Indian Penal Code, 1860 which deals with the Criminal breach of trust. An intermediary is always bounded by the trust of their user to protect their privacy. a user and an intermediary shares a fiduciary relationship between them, any willful violation committed by an intermediary may lead to criminal breach of trust. Hence, an aggrieved person can bring an action against such intermediary. 


Supreme Court is becoming increasingly vigilant when it comes to ensuring the citizen’s right to privacy. With big players like WhatsApp, Facebook, Twitter, Google, also facing the heat, the country is hopefully moving towards a more efficient and proactive legal system that strikes down on all instances of data privacy infringement.