Not long after a nine-judge bench of the Supreme Court headed by former Chief Justice of India, J.S. Khehar, unanimously ruled that Right to Privacy is part of Right to Life and Liberty enshrined under Article 21 of the Indian Constitution, reports surfaced that a trial court had ordered an investigation into online job portal Monster.com’s alleged sale of user data to third parties.
Chief Metropolitan Magistrate (CMM) Naresh Kumar Laka reportedly said, “It is common knowledge that when a person applies for a job on the Internet, s/he feeds personal information which includes name, address and mobile number. In my opinion, the said data being personal information cannot be transferred/shared/sold to some third person without the consent of the said person.”
“At the time of entering personal information or data, jobseekers are not aware that the said data can be sold to any third person or that it can be misused. Accordingly, the said ostensible consent of the said applicant/individual cannot be said to be a free, voluntary or informed consent,” Laka said.
Citing the historic Supreme Court judgment, the CMM directed the police to conduct a probe into Monster.com’s alleged sale of user data and nab the culprits who were involved. The CMM went on to say that such fake job rackets were proliferating across the country, and needed to be checked with a firm hand.
Monster.com, on its part, claimed that it had entered into a lawful contract for selling user data. The online jobs’ portal said that it depended on the agreement between job-seekers and itself, terms of which were tantamount to Monster.com taking consent of users for sharing their data.
In a statement issued on its website, Monster.com said, “By registering or by using this site, you explicitly accept, without limitation or qualification, the collection, use and transfer of personal information provided by you in the manner described in this statement. Please read this statement carefully as it affects your rights and liabilities under law. If you do not accept the privacy statement stated herein or disagree with the way we collect and process personal information collected on the website, please do not use it.”
Monster.com released a separate statement which read: “Monster.com is currently awaiting a copy of the court’s order and direction to understand the specifics of this matter. We will fully cooperate with the regulatory authorities and comply with all processes laid down by them to take necessary action against errant parties.”
Monster.com maintained that users, while signing up for its service, gave their consent to the company to collect personal, demographic, behavioral, and indirect information. Personal information comprised users’ names, addresses including email addresses, contact information including telephone numbers, and billing information.
Demographic information referred to users’ ZIP or postal code, age, preference, gender, race/ethnicity, occupation, career history, interests and favorites. Whereas behavioral information included how users used the site, areas of the site they visited, services they accessed, and computer hardware and software information.
Popular perception of portals such as Monster.com has so far been that these are authentic repositories of accurate data of users actively looking for jobs. However, the trial court’s order strikes at the very heart of this conception. Not surprisingly, other Internet giants too have been feeling the heat of the court’s decision ever since.
In one of the cases following the trial court’s ruling, the Supreme Court issued notices to Google and Twitter in connection with a PIL filed against them, voicing concerns over privacy of data shared across borders. The petition reportedly stated, “Privacy rules do not apply to body corporates like Facebook, Twitter and Google outside India.
The situation is alarming because Indian arms of these body corporates have stated that they have no control over content/data/information generated from India and pertaining to Indian users. The content, website and data/information generated on facebook.com, twitter.com, and Google.com is controlled by Facebook Inc., Twitter Inc. and Google Inc., respectively, all of which are body corporates outside India exempt from Privacy Rules, 2011.”
When a leading publication quizzed a Bombay High Court lawyer, who specializes in data theft, on the matter, he explained that while data sharing depended on mutual agreements between users and online portals, the latter needed to take permission from users before sharing sensitive data such as financial and health information and passwords. In the event, online portals were sharing such data without an explicit agreement, they were committing data theft as per Section 43(b), read along with Section 66 of the Information Technology Act, 2000. In such cases, users could simultaneously resort to civil and criminal remedies.
Disclaimer – Statements and opinions expressed in this article are those from the editorial and are well researched from various sources. The content in the article is purely informative in nature.