Author: Akshay Krishna P, IV year of B.A.,LL.B from SLS Nagpur.
Introduction
Social media websites have long been seen as extremely potent tools for the marketing of products to a wider and multinational audience. The flexibility of social media marketing and its cost effectiveness when compared to traditional media outlets make investment into social media marketing an absolute priority for any brand or service. While many social media websites often engage in the provision of TOS agreements to their users, these terms of service agreements only govern the information that the social media company can use for their purposes, marketing or otherwise. Many a times, the data collected by these companies is often sold to companies and advertisers with pernicious intentions or fraudulent companies/services. There has long since been no quality control with regards to the advertisements that a person receives on their social media website and there has also been no active campaign by these social media companies to verify whether the products or services listed or offered by the third-party companies who use their site are legitimate or not. These platforms enjoy immunity as they are classified as platforms and not publishers and hence, can be exempt from litigation to a major extent. Most social media companies, even when their liability can be drawn out for any particular activity mentioned above, will fight the person making these claims in a long and drawn-out court battle and this is not an ideal solution to the matter at hand as two important factors are not considered via this approach. These important factors are quick and easy justice to the parties concerned and the protection of the brand image of the multinational social media website that would operate on a variance of intellectual property laws across different countries. In light of the above-mentioned predicament, this blog post would highlight the role that arbitration could play in solving this crisis while ensuring justice to all the parties concerned.
The problem of Fraudulent advertisements
Fraudulent advertisements have become quite the common sight on social media websites, be it Instagram, snapchat or even WhatsApp wherein job scammers eagerly prey on graduates. In a recent survey of 2119 people in the UK by a news organization called which? ,it was found that only 20% of the people surveyed felt protected from scam advertisements. The article emphasizes upon the story of one “Jill” who lost over 30,000 pounds to a false cryptocurrency trading application advertisement that she had seen on Facebook. In India, Hirect estimates that 56% of all job seekers aged between the age of 20 and 29 have been the victim of an elaborate job scam wherein money was taken from them under the ruse of application processing, security deposit etc. the most popular social media site that was used for scam job advertisements being WhatsApp. The problem posed by fraudulent advertisements is something that must be taken extremely seriously as these advertisements have been a thorn in the side of both the consumers of social media platforms and the social media platforms itself. No social media company wants to have a negative brand image as this is terrible for their brand in the long run. The famous social media app of YikYak is a great example of how even the most viral of social media platforms can be brought down by the very consumers who showered it with so much of love. YikYak’s anonymity feature made the social media platform a very lucrative place for racists as they could state slanderous and derogatory material with complete impunity.
Sensitive information and its transfer
India is one of the few major countries that does not have stringent laws with regards to data protection and this is a major problem in the country. As a result of the lack of laws on the same, Indians fall victim to multiple scams and frauds online and this can be very frustrating for these companies that are seeking a positive brand image and the users who fall victim to such fraudulent advertisements. Personal information, as per the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, refers to any information that can be used or aids in the identification of a natural person. Sensitive personal data, as per the aforementioned rules, consist of personal information on certain categories such as sexual orientation, medical history Etc. as given in section 3 of the aforementioned rules. As a bill on data protection has not been passed yet, these rules can be classified as the only legislation protecting the data of the Indian people from exploitation via body corporates as defined under section 43A of the IT act of 2000.
According to section 4 of the aforementioned rules, the body corporate shall provide a privacy policy with regards to the use of personal information or sensitive personal information. The body corporate is also tasked with making the same available for view by the provider of such information under lawful contract. In addition to this, this privacy policy must be uploaded on the website of the body corporate and this privacy policy must comply with the requirement under section 4. One of the primary requirements that this privacy policy must contain is the purpose for the collection of information from the person concerned along with a reasonable security practice for the protection and safe transfer of this information from the body corporate to another person via lawful contract (section 7 and 8 of the aforementioned act).
These rules provide for a body corporate to collect personal information and sensitive personal data from natural persons provided that they get the consent for the same from the respected persons, for the fulfillment of a lawful purpose. The problem to this model of data protection arises in section 7 of these rules as section 7 provides for a transfer of any information of any natural person from one body corporate to another or from one body corporate to any other person, both natural and artificial, provided that the person concerned has consented to this transfer. This is where the problem of consent arises. While many people may have consented to the use of their information of marketing purposes, no person consents to their information being used for fraudulent targeting of persons as the objective of the contract in itself is void. i.e., a contract must for a lawful consideration and for a lawful object under section 10 of the Indian contract Act of 1872. The body corporates concerned may try to absolve themselves of any legal liability as they would state that there existed a contract between the body corporate and the person concerned that allowed them to share the personal information of the person concerned with other websites. However, even if this was consented to (which is usually not the case), the body corporate only had the consent of the person concerned to use his information for the marketing or any other legal purpose. In this case, if they:
Give this information to any website or person who may seek to commit fraud, they are not engaging into a valid contract and honoring their agreement thereby making their defense of provision of information to other parties void-ab-initio.
If this information is taken from their websites directly or indirectly, they will be held liable as they were in contravention of section 8 of the aforementioned rules.
If this information was subsequently sold off to another body corporate or person and this person or persons subsequent to them commit fraud against the people concerned, the same will not be governed by this act as the liability of the body corporate ceases after consensual sale of personal information in good faith.
Role of Arbitration in mitigating the above-mentioned problems:
Arbitration is the best solution to tackle the aforementioned problems for the following reasons
By giving personal information to an entity that seeks to use the same for fraudulent purposes, we have come to the conclusion that there exists no formation of contract between the body corporate and the other entity. In light of this, the damage caused by such a lapse in judgment is best dealt with arbitration as it would not only take lesser time but would also reduce the burden from the courts concerned.
Data security is a field that is extremely complicated and takes extreme technical knowledge to adjudicate upon. In consideration of this point, it would be much wiser to ensure arbitration proceedings rather than court proceedings as the arbitrators concerned would have technical knowledge of the field and thus be more effective while providing remedies to the parties.
Arbitration would ensure that the image of a body corporate is not tarnished via a lapse in judgment or a technical breach in their security under section 8 of the aforementioned act while also ensuring that the victim is compensated in an anonymous manner and is kept far away from the prying eyes of the public. After all, the Puttaswamy judgment guaranteed the right to privacy and the enforcing the same does not require infamy.