ONLINE PRIVACY

Akshat Mehta

Online privacy is linked with the E-Contracts. In the contemporary world each and every transition over internet is governed in the form of E-Contracts. E-Contracts don’t have recognition under Indian Contract Act 1872, but internationally these have been recognized for the first time under Article 13 of the UN convention on Contracts for International Sale of Goods (1980) (CISG) which mentions that ‘writing’ includes writing on telegram also.[1] Even after the international recognition by CISG, the legal enforceability of E-Contracts was in question. Therefore United Nations commissions on international trade law (UNCITRAL) adopted a model law in its Article 16 and legality of an online electronic contract has been recognized.[2] It also adopted under Article 7 that for electronic commerce in which even electronic signatures are validly recognized as acceptance to an offer. After that European Commission also adopted E-Commerce directives to legally adopt electronic commerce in the EU market.

After the worldwide recognition of E-Contracts, India also legalized the validity of E-Contracts under Section 10-A of the Information Technology Act, 2000 and Section 65 of Indian Evidence Act, 1872. Section 10-A of the IT Act explicitly tells that ‘a contract could be validly formed by using electronic medium of forming the contract.[3]’ Also Section 65 of the Indian Evidence Act exhibits that ‘court should recognize the electronic documents produced for the contracts formation.[4]

E-Contracts also includecommunication, offer and unconditional acceptance, lawful purpose, lawful consideration, competent parties and free consent, which are pre-requisites of a non E-Contract mentioned under Indian Contract Act, 1872.[5]Also E-Contracts could be formed using e-mail, fax and internet. Each and every act performed on the internet, from trading in shares and debentures to accepting the terms and conditions of an online application, all are considered as E-Contracts. But, the major problem with E-Contracts is the privacy issue. There are lots of privacy problems in E-Contracts because the premise of these contracts is bases on Adhesion. Adhesion Contracts are leave it or take it contracts. These are the standard form of agreements where one party doesn’t have any means to negotiate over the terms and conditions of the contracts. The absurdity of adhesion contracts is that for such a leave it or take it contracts, how far we can say that my assent is with you?

There are basically three types of E-Contracts are there, and we can understand that how these E-Contracts are Adhesion Contracts where the user has a zero negotiating or bargaining power and is bound to accept the terms and conditions while opening any app, even if those terms and conditions are arbitrary in nature. The three types of E-Contracts are[6]:

  1. BROWSE-WRAP AGREEMENTS: In these form of agreements, there is a hyperlink at the bottom of the website in which the various terms and conditions of using website or any downloadable app is provided. The moment we click (www……….) or the moment we click the download button, it is automatically meant that we are bound by the terms and conditions of the application. This usually happens with all of us when we download any application from play store by clicking download button. In the landmark case related to browse-wrap agreements of Specht v. Netscape, the court held that “a consumer’s clicking on a download button doesn’t communicate assent to contractual terms if the offer didn’t make clear to the consumer that clicking on download button would signify assent to those terms”[7].
  2. CLICK-WRAP AGREEMENTS: These contracts came as a consequence of browse-wrap agreements. Whenever we install and open any social media app like Facebook, Instagram, Netflix, Whatsapp and Twitter every time we have to click ‘I Agree’ button displayed on the screen to open the app, certain terms and conditions were written in that ‘I Agree’ button either we could agree with it or we could deny it.
  3. SHRINK-WRAP AGREEMENTS: These are software agreements. In such agreements there is a box and the moment we open the box it is meant that we are bound by the terms and conditions of the contract. The validity of Shrink-Wrap agreements is questionable. In the landmark case of Pro CD v. Mathew Zeidenberg, Mathew purchased a CD-ROM which is a compilation of a telephone directory. On the outside surface of the packet, a notice was written which restricted the use of database for non-commercial purpose.[8] Mathew sold that CD-ROM for the commercial purpose. The court held that he was not liable because information about terms and conditions are inside the box and hence the validity of the shrink-wrap agreements is questionable.

All the above three forms of E-Contracts are more or less Adhesion Contracts where we as a party, have a very low remedy to bargain over the terms and conditions of the contracts. We could understand that if such contracts are Adhesion Contracts, then the superior bargaining position party (which are apps like Instagram and Whatsapp here) could easily put any unreasonable terms and conditions and could easily get the assent of the users. Over the period of time it was realized that these apps often puts such unreasonable terms and conditions which includes sharing of data with any other online applications or research organizations, which is primarily a matter of one’s privacy.

One such incident came out in 2018 where Cambridge Analytica, a British political consulting firm was exposed by a sting operation. This firm stole private data of around 50 million users of Facebook. The more shocking news was that only 50000-70000 people’s data was stolen which led up to 50 million. The Cambridge Analytica extracted data of people from the friend lists of users of Facebook and used it to create psychometric profiles to be used by personalized political apps, adds, campaigns and results. It also used sexual scandals, fake news and dirty tricks to swing elections throughout the world. Mark Zuckerberg publicly apologized for this, but the fact is that social media giant Facebook was aware about data being stolen from its platform because it had received number of warnings about its data security policies and particularly about Cambridge Analytica data breach since 2015. But, then also Facebook didn’t take any preventive steps to curb these.[9]

Instagram has three arbitrary terms and conditions which violates the privacy of the users. These three conditions are:[10]

  • Class action suit can’t be filed against Instagram. It means a suit can’t be filled against Instagram collectively.
  • Instagram has the sole copyright over the photos and content on its platform. It means prima facie account is of user but copyright over the account is of Instagram.
  • Instagram has the right to disclose personal information of the users to 3rd parties.

Netflix also has two arbitrary and unreasonable policies which violates the privacy of the users.[11]

  • Netflix can change its terms and conditions any time without informing its users. Its means it can disclose the private data of users even without informing them.
  • Also Netflix can disclose personal information to 3rd parties without permission of the users.

Due to such arbitrariness of these contracts some people often term them as Unconscionable Contracts. These are the contracts which doesn’t adhere to the principles of goodness, justice, equity and fairness. These contracts are void ab initio. Adhesion Contracts and Unconscionable Contracts are based on the principle of Contra Proferentem. Contra Proferentem is a Latin term which means against the person who is making the offer. It provides that the person who is in the superior bargaining position, the onus is on him to prove that he didn’t put such arbitrary and unconscionable terms and conditions in the contract by taking advantage of his superior position. This principle is used by judges in the court of law.

As the transition, commerce and indulgence of people on online platforms had been gradually increased over the years, government also had frame legislations to protect the privacy of the users where they are at the lower bargaining position while contracting electronically. Remedy under Indian Contract Act, 1872 could be found under Section 16 which renders contract voidable if the consent is vitiated by ‘Undue Influence’ by the party at the superior position. Also if privacy is considered as a vital part of Public Policy and the contract is seemed unconscionable prima facie, then contract could also be rendered void under Section 23 of the Indian Contract Act. Also validity of such contracts could be challenged under Section 10-A of the Information Technology Act and Section 65 of Indian Evidence Act. So there is a serious need to protect the privacy of users from the arbitrariness of online applications as we have seen in Cambridge Analytica case.


[1] UN convention of contracts for International sale of goods (CISG) 1980.

[2] United Nations commission of International trade law.

[3] Information Technology Act, 2000.

[4] Indian Evidence Act, 1872.

[5] Indian Contract Act, 1872.

[6] Types of Electronic Contracts.

[7] Specht v Netscape (2002)

[8] Pro CD v. Mathew Zeidenberg.

[9]Newyork times report on Cambridge Analytica-Facebook Scandal.

[10] Privacy Systems & Information, Instagram Help Centre.

[11] Privacy and Security Help Page – Netflix Help Centre


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s