Data Privacy
KARTIK SHAHU
January 2025
1 Abstract
1.1 purpose
Data privacy aims to protect an individual’s personal information, uphold their
rights over that data, and ensure that organizations handle this data responsibly
and within the confines of the law.
1.2 Approach
A data protection strategy is a set of measures and processes to safeguard an
organization’s sensitive information from data loss and corruption. Its principles
are the same as those of data protection—to protect data and support data
availability.
1.3 Research Limitation/Implications
Limitation : Data can only be collected for specified, explicit, and legitimate
purposes. Privacy problems are systematic, and rights put too much onus on
individuals. Implication : Misuse of personal data: Criminals can defraud or
harass users by misusing personal data.
1.4 Originality/Value
Data Privacy is important because it safeguards personal integrity, promotes
trust in digital interactions, and upholds the fundamental rights of individuals
in an increasingly data-driven world.
1.5 Keywords
Data Privacy, Social Media, User Awareness, Data Breaches, Identity Theft,
Data Mining, Phishing Scams, User Consent, Privacy Policies, Transparency
and Ethics, Personal Data Collection, Account Takeovers.
1
�2 Introduction
Its focus is on specific sectors that have already implemented tight policies on
privacy and data security; the first two are financial services and healthcare. It
requires a company dealing with customer information to consider the wishes
of a customer about NPI (Nonpublic Personal Information) and publicly an-
nounce its data usage and sharing policy. Again, this applies to all companies
running a website that would require adherence to international standards on
privacy. Businesses that are engaged in cross-border operations are also sub-
ject to international legal systems, which tend to be tougher than those that
exist in America. Industry-specific regulations, for example, like the Payment
Card Industry Data Security Standards, must be followed to ensure safe data
management.
It is in these concluding remarks of the article, then, that emphasis is placed
upon the benefits of establishing strong data security and privacy measures that
lie above mere compliance. These help develop and maintain consumer loyalty
and trust.
3 Need of Data Protection and Data Privacy
Law in India
We cannot deny anymore that we live in a digital age where everything is on
our screens. From our data to our currency, from movies and songs to shopping,
every domain has been digitised. In such a digitalised world, information proves
to be significant. In this age of digitalisation, when everything has been trans-
ported to our digital devices, our personal and non-personal information has
also been transported. As a result, the perils to our data privacy have increased
multiple times. India is an economy that is growing spontaneously, and with
that growth, the importance of our sensitive data has also been recognised. The
introduction of strong data privacy laws in India has recently assumed more
significance after the Puttaswamy decision, which held that the right to privacy
is indeed a fundamental right.
The need for data protection and privacy laws can be summarized as follows.
• Provides for protection of personal and non-personal information
of people- Data privacy laws are aimed at ensuring proper protection and
security of personal and non-personal information of citizens. These laws
regulate how the information is collected and processed, the grounds of
consent of the individuals, penalties in case the companies do not protect
the data as required by the law, etc.
• Builds stronger trust and confidence- These laws are also vital as
they build a stronger foundation for trust and confidence amongst the
people. When companies prioritise privacy of their users’ data and use
their data scrupulously, it showcases their commitment to protecting their
2
� personal data, which in turn helps consumers build a better and stronger
relationship with the concerned company.
• Preserves right to privacy- As we have already mentioned, the Indian
Constitution recognizes the right to privacy of an individual as a funda-
mental right. This implies that every individual has a right to their own
data. It allows them to decide how they want their data to be used and
when they want to withdraw their consent or object to the processing of
their data.
• Increased digital footprints- India has a population of more than a
billion people, and it is no surprise that a significant part of the population
is now connected to the internet. With the extensive use of social media
such as YouTube, Instagram, Tik Tok, etc., people are leaving behind
digital footprints throughout the Internet. If not handled correctly, this
invites major digital data breaches where our personal data and history
may be made public.
• Lack of awareness- The sheer lack of understanding of data privacy in
our nation also becomes another reason to bring up such a law. People use
the internet all the time, but they don’t really understand the law behind
it. They are unable to comprehend the consequences of their actions at
the time. Once such a law is in place, there will be more awareness about
the importance of privacy on digital platforms, and it will be easier to
educate people about their rights and obligations while they are active on
digital platforms.
• Prevents data breaches, identity thefts, etc.- With the increasing
number of people who have joined the digitisation process, there are higher
chances of any offence being committed, such as, fraud, identity theft, data
breaches, etc. The data privacy laws play a crucial role in putting such
mechanisms in place that would help prevent these offences.
• Promotes innovation and economic growth- A country with prop-
erly regulated data protection laws can promote a legal framework that
balances the individual’s right to privacy with digital growth. With newer
companies finding a place, data privacy will also find its pending signifi-
cance. More nations and companies will consider investing in our compa-
nies if their data protection framework is strong.
• Maintains the children’s privacy- Children as well have become more
active on all the digital platforms, due to which the need for special laws
and provisions to ensure the protection of their data is needed. The issues
concerning their consent and their rights need special attention as they
are quite different from the normal cases of data collection. A lot of games
collect diverse personal information about kids easily in order for them to
play their game and kids are unaware of the ramifications of the same. A
3
� proper law in place would make sure that not only such data is protected
but also that there is more awareness about it.
• Data ethics- These laws not only serve the purpose of data processing
and collecting but also data ethics. Data ethics are the principles that
ensure that the data collection and strong processing are all based on
ethical standards, there is fair and transparent data processing, and the
processing is non-arbitrary and non-discriminatory.
• Rights of the individuals- The data protection laws empower the indi-
vidual in more than just one way. They get a right to know about their
data, its collection, storage and transfer, and also get a right of redressal
in case of any violation. They are properly compensated for any data
breach. It sets up an effective grievance redressal mechanism and makes
people aware of the rights they possess in relation to their data.
• Facial recognition and surveillance- New technologies such as facial
recognition and surveillance have time and again raised several concerns
about the privacy of people’s data. These regulations address these con-
cerns and ensure more responsible data collection by individuals.
4 Impact on Social Media
Key Points for Data Privacy Research in Social Media Common Privacy Con-
cerns: Discuss prevalent issues such as data mining for identity theft, privacy
setting loopholes, and the risks associated with location tracking. Highlight how
these concerns affect user trust and engagement on platforms 16. Importance
of Data Privacy: Explain why data privacy is crucial for users, emphasizing
the potential consequences of data breaches, including identity theft and finan-
cial fraud. Include statistics to illustrate the scale of these issues, such as the
significant losses reported due to scams originating on social media 6. User
Awareness and Education: Investigate the level of awareness users have regard-
ing their privacy settings and the implications of sharing personal information.
Consider incorporating findings from studies that reveal gaps in user knowledge
about data privacy 24. Data Collection Practices: Detail the types of data
collected by social media platforms, including personal identifiers, behavioral
data, and geolocation information. Discuss how this data is used for targeted
advertising and its implications for user privacy 36. Impact of Privacy Invasion
Experiences: Explore how previous experiences with privacy invasions can in-
fluence users’ intentions to protect their privacy. Discuss concepts like ”privacy
fatigue,” which can diminish users’ motivation to engage in protective behaviors
7. Regulatory Frameworks and Compliance: Analyze existing regulations like
the General Data Protection Regulation (GDPR) and their impact on social
media practices. Discuss how compliance affects both users’ rights and com-
panies’ responsibilities regarding data protection 3. Technological Solutions:
Evaluate emerging technologies and strategies that can enhance data privacy
4
�on social media platforms, such as encryption, anonymization techniques, and
improved user interface designs that promote better privacy practices 8.Psy-
chological Aspects: Consider the psychological factors influencing user behavior
regarding privacy, such as risk perception and the balance between sharing per-
sonal information for social engagement versus protecting it 7. Future Trends
in Data Privacy: Speculate on future developments in data privacy within so-
cial media contexts, considering technological advancements and evolving user
expectations regarding transparency and control over personal data.
5 Advantages of Data Privacy
1. Better data use: High-quality and timely data can help a firm make bet-
ter decisions about data collection and retention. This can lead to more
accurate and relevant analytical results.
2. Improve business reputation: A company’s reputation may be just as
significant as its goods or services.
3. Lower storage costs: It can be expensive and dangerous to save all data
indefinitely. Businesses that rationally choose which data to collect, store,
and for how long to keep it all together save money on primary and backup
data storage.
4. Regulatory compliance: Holding appropriate data privacy regulations can
safeguard a company from lawsuits and penalties resulting from privacy
violations.Establishing trust between an organization and its consumers
5. Ensuring that a company is compliant with regional and global data pri-
vacy regulations
6. Preventing the government from spying on citizens
7. Holding those who steal and misuse data accountable
8. Maintaining boundaries
9. Ensuring control over personal data
6 Popular Social Media Application/Sites Whose
Data is Hack In Last Few Year’s
It seems like we’re always hearing about how some tech site has been hacked or
how a voter database has been leaked online. If the 11,000-plus data breaches
in the past 15 years have shown us anything, it is that any information that
we share online is at risk of being compromised, if it hasn’t been already. The
question that we have to ask ourselves, then, is how much trust do we really
want to put in big tech to keep some of our most compromising data safe?
THESE ARE SOME EXAMPLE:-
5
�6.1 Snapchat – Estimated affected: Upwards of 4.6 mil-
lion users
The 2013 “Hack”
At the end of 2013, hackers of a site called SnapchatDB.info posted the
account information of 4.6 million Snapchat users. Usernames and sometimes
even phone numbers of users were available to the public for download. In a
statement to TechCrunch, SnapchatDB said that they breached Snapchat to
urge the company to tighten its security measures.
“Our motivation behind the release was to raise the public awareness around
the issue, and also put public pressure on Snapchat to get this exploit fixed. It
is understandable that tech startups have limited resources but security and
privacy should not be a secondary goal.”
The hackers explained that they accomplished this data breach by using
an exploit created in the app’s most recent update. The exploit had been
discovered a week prior by Gibson Security, an Australian-based “white hat”
hacking group, who went public with the vulnerability in the app’s Android and
iOS API.
6.2 Twitter – Estimated Affected: 32 million users (with
another 330 million suspect)
The Russian Job
In 2016, the account information of over 32 million Twitter accounts was
supposedly compromised by hackers. LeakedSource reported in a blog post
that they had received a copy of the compromised data from a hacker known
as “Tessa,” who was part of a group of Russian hackers responsible previously
for major data breaches such as Myspace and LinkedIn (both discussed below).
The compromised cache contained about 32.9 million records that included email
addresses, usernames, and passwords.
Twitter responded by stating that their systems had not been breached but
that they were actively attempting to check their data against what was be-
ing shared online. There was speculation that the accounts could have been
compromised as a result of malware on Firefox and Chrome browsers, but ulti-
mately the data was more likely the result of users recycling email and password
information from their Myspace and LinkedIn accounts that could have already
been compromised. Some merit does seem to support this claim as high-profile
individuals like Facebook CEO Mark Zuckerberg became the targets of ridicule
for reusing simplistic passwords like “dadada” for multiple sites.
Ultimately, it is difficult to know the full extent of damage done during this
“breach,” but it serves as one of many red flags for users trying to keep their
information safe, and as just one out of several breaches to Twitter that would
come in the following years.
6
� 6.3 Instagram – Estimated affected: 49 million users
Facebook has always had a rocky history in preventing data breaches, but2019
was a particularly bad year for the company.Breaches of both Facebook and its
subsidiary site Instagram exposed sensitive data of at least 49 million users.
Unlike other data breaches that companies have suffered, the case behind
how Instagram’s data was compromised is a curious one and has become part
of a growing threat to data security. The data was not compromised due to an
attack on Instagram’s servers, nor was it due to a leak in their system code.
The data was not even stolen from the Instagram network.
The culprit? Unprotected marketing company servers.
There are many companies that lack the resources to run dedicated — and
costly — server hardware. To answer the needs of these companies, Amazon
Web Services (AWS) was developed as a cloud-computing product that could
host company apps, websites, or databases. Instagram originally ran much of
their infrastructure through AWS, but when Facebook purchased the company
back in 2012, it switched Instagram over to a dedicated and more secure server.
It was on one such AWS server, however, that a Mumbai-based marketing
company called Chatbox stored sensitive data that it had gathered on Instagram
users and left unsecured, without a password, for at least 72 hours.
7 Approaches to Privacy Preservation Storage
on Cloud
When data are stored on cloud, data security mainly has three dimensions,
confidentiality, integrity and availability [7]. The first two are directly related
to privacy of the data i.e., if data confidentiality or integrity is breached it will
have a direct effect on users privacy. Therefore we will also discuss privacy
issues related to confidentiality and integrity of data in this section.
A basic requirement for big data storage system is to protect the privacy of
an individual. There are some existing mechanisms to fulfil that requirement.
For example, a sender can encrypt his data using pubic key encryption (PKE) in
such a way that only the valid recipient can decrypt the data. The approaches
to preserve the privacy of the user when data are stored on the cloud are as
follows.
8 Reference
1. /[https://human-id.org/blog/biggests ocialm ediab reachh istory/](Breaches)
2. https://blog.ipleaders.in/data-protection-laws-in-india-2/ (LAWS)
3. https://ieeexplore.ieee.org/abstract/document/7460114/metricsmetrics (inspired)
4. https://books.google.co.in/books?hl=enlr=id=EfjZBwAAQBAJoi=fndpg=PA1dq=introduction+for+data+p
Vsig=n32ZkevrjObzhZz9W0UGT9Mj2coredire sc = yv = onepageq = introductionSolove, D.J.(2008).U nderst
7
� 5. Nissenbaum, H. (2010). Privacy in Context: Technology, Policy, and the In-
tegrity of Social Life. Stanford University Press.(intro)
6. Regan, P. M. (1995). Legislating Privacy: Technology, Social Values, and Public
Policy. University of North Carolina Press.(intro)
7. Smith, H. J., Dinev, T., Xu, H. (2011). Information Privacy Research: An
Interdisciplinary Review. MIS Quarterly, 35(4), 989-1015.(intro)
8. Warren, S. D., Brandeis, L. D. (1890). The Right to Privacy. Harvard Law
Review, 4(5), 193-220.(intro)
9. Westin, A. F. (1967). Privacy and Freedom. Public Affairs Quarterly, 25, 431-
436.(intro)
10. Boyd, D. (2014). It’s Complicated: The Social Lives of Networked Teens. Yale
University Press.(Impact on Social Media)
11. Fuchs, C. (2021). Social Media: A Critical Introduction (3rd ed.). SAGE
Publications.(Impact on Social Media)
12. Turkle, S. (2011). Alone Together: Why We Expect More from Technology and
Less from Each Other. Basic Books.(Impact on Social Media)
13. Kaplan, A. M., Haenlein, M. (2010). Users of the world, unite! The challenges
and opportunities of social media. Business Horizons, 53(1), 59-68.(Impact on
Social Media)
14. Ellison, N. B., Boyd, D. M. (2013). Sociality through social network sites. The
Oxford Handbook of Internet Studies, 151-172.(Impact on Social Media)
15. Keles, B., McCrae, N., Grealish, A. (2020). A systematic review: The influence
of social media on depression, anxiety, and psychological distress in adolescents.
International Journal of Adolescence and Youth, 25(1), 79-93.(Impact on Social
Media)
16. Ristenpart, T., Shrimpton, T. (2011). Cloud Security: A Practical Introduc-
tion. Addison-Wesley Professional.(Approaches to Privacy Preservation Storage
on Cloud)
17. Wang, C., Chow, S. S. M. (2012). Cloud Storage Security: Principles and
Practice. Springer.(Approaches to Privacy Preservation Storage on Cloud)
18. Kshetri, N. (2021). Cloud Computing and Security: Fundamentals and Appli-
cations. Springer.(Approaches to Privacy Preservation Storage on Cloud)
19. Wang, C., Wang, Q., Ren, K., Cao, N., Lou, W. (2010). Toward Secure
and Dependable Storage Services in Cloud Computing. IEEE Transactions on
Services Computing, 5(2), 220-232.(Approaches to Privacy Preservation Storage
on Cloud)
8
�20. Yu, S., Wang, C., Ren, K., Lou, W. (2010). Achieving Secure, Scalable, and
Fine-Grained Data Access Control in Cloud Computing. IEEE INFOCOM 2010
(Approaches to Privacy Preservation Storage on Cloud)
21. Zissis, D., Lekkas, D. (2012). Addressing Cloud Computing Security Issues.
Future Generation Computer Systems, 28(3), 583-592 (Approaches to Privacy
Preservation Storage on Cloud)
