Life and personal liberty can be regarded as absolute rights which an individual possess by the fact of his being a human. These rights are essentially part of any dignified human existence. According to J S Mill, "privacy is an aspect of liberty grounded on the permanent interests of man as a progressive human being". It exists in each one of us regardless of our socio- economic status, gender or orientation.

This article explores how social media platforms, particularly instagram, infringes upon users' rights to privacy. It critically examines data collection practices, legal frameworks, ethical implications, and the impact of use behaviour. This study reiterates the urgency of addressing privacy challenges in the digital era, analyze gaps in Indian privacy laws, and provides safeguard recommendations for user rights.

Introduction
In today's digital era, social media platforms especially Instagram, have become integral to daily life, allowing users to share moments, connect, and express creativity. However, these platforms often demand vast amounts of personal data, raising concerns about privacy infringement. With its extensive data collection practices including personal photos, locations, and user interactions, users in India frequently face threats such as data misuse, stalking, and targeted advertisements based on intrusive profiling, thus Instagram has raised significant privacy concerns.

They have developed into an essential informational resource, particularly for teenagers and young adults. They thus have a striking effect on impressionable minds. The question of the right to privacy arises here. Every Indian person has a basic right to privacy, which the Supreme Court of India has determined, derives from Article 21 of the Indian Constitution. The challenge is the conflicting claims made by enthusiastic supporters of social media sites and those who affirm that the right to privacy is violated at the request of those platforms, which are praised for their support of free speech and expression.

Despite offering privacy settings, Instagram's complex policies and extensive tracking often leave users unaware of the full scope of data being collected and shared. This article explores how Instagram's data practices challenge privacy rights, examining its data collection, cross-platform sharing, and the implications of algorithmic profiling. This article questions privacy issues related to Instagram, aims to understand the impact that Instagram has been making on privacy through data collection practices, risks regarding user privacy, inadequacies in India's regulatory framework, and proposes measures for strengthening user protections in the wake of changing dynamics of social media.

Role Of Social Media:

As is apparent, Social media has become an intrinsic part of lives of every person in today's modern word, therefore having an obvious impact on us. This impact is both positive and negative as the most positive impact is easy accessibility of information, that too at minimal cost. We get information from all around the world in seconds. Also we get to connect with our family and friends who may be living at a great distance from us.

Coming to the negative impacts, the list is very long. The most threatening one is the breach of the right to privacy, particularly concerning social media. Another reasons being addiction to mobile phones, stress and bad mental health. This can cause change in sleeping routines, various sleep problems and can even be the cause of various psychological problems.

Social media platforms like Instagram plays a pivotal role in shaping privacy dynamics, often blurring the boundaries between public and private spaces. While they offers connectivity and self expression, their business models heavily rely on collecting and monetizing user data, contributing to significant privacy risks.

Features such as algorithmic personalization, geographic location tagging, and real time sharing encourage oversharing, often leading users to expose sensitive information unaware of the consequences leaving users vulnerable to surveillance, profiling and data misuse.

However, social media also has the potential to foster privacy awareness through transparency initiatives. Finding equilibrium requires robust legal frameworks, ethical platform design and great user empowerment to ensure that benefits of social media does not comes at an expense of privacy rights.

Right To Privacy:

Not very long ago, there was a great deal of obscrutiy regarding the dimension of right to privacy under the Indian Constitution However, the nine-judge bench of the Supreme Court in Justice K.S. Puttaswamy v. Union of India[3] held in 2017 that privacy is a fundamental right and comes within the ambit of the right to life and personal liberty under Article 21. However, it cannot be considered as an absolute right and subject to invasion by state, only if such an invasion is based on "legality, need and proportionality for safeguarding this cherished right".

It is very important to keep in mind that there is a need to protect privacy in the physical world also as well as cyberspace. The use of the Internet and social media has become very common in India because of smart devices, lower internet tariffs, and global connectivity.

On one hand, social media platforms offer free platform that will effectively reach out to many audiences for expressing oneself, while on the other hand, expose certain sensitive personal data of the users. Under certain circumstances, a user has information about what social media networking sites are collecting.

The Right to Privacy in the Digital Era:

The right to privacy is one of the fundamental human rights stated in documents, such as the Universal Declaration of Human Rights (Article 12) and the International Covenant on Civil and Political Rights (Article 17).
 However, in digital age, social media platforms continually undermine one's own right to privacy practices. One such challenge is Instagram, owned by Meta, formerly Facebook, which collects vast amounts of information on users for targeted advertisements and optimizing user experience.

How Instagram Infringes Privacy:

1. Data Collection methods - Instagram collects all kinds of user data, from personal information to location data, browsing history, and even biometric data through filters. Some data collection is necessary for functionality. However, Instagram's practices generally exceed this for the services it offers. Users unknowingly agree to that dense jargon-filled terms and conditions.
2. Targeted Advertising - The main source of revenue of Instagram is advertisements stimulated by data analytics. Rich algorithms the platform uses to design detailed profiles based on user interactions, preferences, and behaviours online make its profile invasive to user privacy while also allowing both personalized ads and surveillance issues.
3. Lack of effective data protection mechanisms - Although Instagram boasts excellent security, it has been hacked multiple times. In fact, in 2019, there was a major leak that disclosed millions of users' personal information which raises questions regarding Instagram's ability to protect its users.
4. Third-Party Access to Data - Users also have a serious issue with the fact that data shared by Instagram to third parties may not be kept at the same level of protection as used in the company. This again exploits the users' private data.

User Behavior and Privacy:

While Instagram's policies contribute significantly to privacy infringements, user behavior also plays a role. Many users voluntarily share sensitive personal information, including real-time locations and private moments, without considering the privacy implications. The culture of over-sharing, fueled by the platform's design, exacerbates privacy risks.[i]

Legal and Ethical Implications:

Privacy laws lag behind the development of technology. Although places like the European Union have drastically solidified their laws, such as the GDPR, there are still less comprehensive legislations in other regions. Therefore, without strong laws on privacy, Instagram would function relatively amiss in a country.

Ethically, the actions of Instagram raise questions about corporate responsibility. Prioritizing profits over the citizen's right to privacy is a move that undermines trust and support surveillance culture.

Existing Laws in India on Privacy and their Limitations:

The law of privacy has itself developed in India over the years, but the current legal framework is still struggling to catch up with the challenges of the digital age. The Information Technology Act, 2002, forms the backbone for India's approach to electronic commerce.

Section43A holds companies accountable in case their services are not used to protect sensitive personal information, while section 72A penalizes unauthorized disclosures of information . However, such provisions are narrow in scope and focus primarily on corporate negligence, which leaves much room for amending the law in the interest of preventing modern transgressions such as algorithmic profiling or mass surveillance. Further, the act hardly regulates the practices of social networking sites like Instagram, where the collection and monetization of personal data remains unchecked.

The decisive acknowledgment of privacy as a right under Article 21 of the Indian Constitution marked the turning point. A judgment by the Supreme Court in 2017 on Justice K.S. Puttaswamy v. Union of India reaffirmed that privacy is intrinsic to human dignity and autonomy. Although this judgment laid a strong foundational constitutional precedent, it was not immediately made effective in the legal system as an enforceable protection. Many privacy challenges, most of which are brought about by social media companies, remain in a legal gray area in which there is no clear statutory guidance for those individuals being used.

The Bharatiya Nyaya Sanhita, 2023, that replaces the IPC and introduces updated provisions to address offenses related to privacy and online harassment, which became effective from July 1, 2024. Key areas relevant to social media misconduct include:

• Section 354D: This section deals with stalking, which includes cyber stalking, by criminalizing repeated monitoring or contacting of an individual without consent, thereby safeguarding against online harassment.
• Section 499 and 500: These sections deal with defamation. These sections provide legal relief when a person's reputation is harmed through defamatory statement or content published online.
• Section 509: These sections have dealt with acts meant to insult the modesty of a woman that includes online abuse or harassment or obscene gesture or remark through any social media application.

The provisions in BNS, 2023 intend to make legal protection against digital abuse more robust and emphasize accountability within online interactions. India's first comprehensive data protection legislation, known as the Digital Personal Data Protection Act, 2023 (DPDPA), was enacted as a response to these gaps. The law requires explicit consent for processing personal data, the right of access, correction, and erasure, and puts liability for breaches. The law also has punishments in case of breaches. However the act has limitations. Government agencies have been allowed wide exemptions under the guise of national security or public order, sowing uncertainties regarding unchecked surveillance. Moreover vague laws on cross border data transfers and an unassured enforcement mechanism severely this act's potential towards effective privacy safeguarding.

Reformative Laws needed for better Privacy Protection:
The shortcomings of the existent laws must be addressed and citizens' right to privacy should be guarded in an effective manner through wholesome reforms. The entire data protection mechanism in India needs the reformatory grade of the DPDPA. The law regarding data protection must indeed bring sterner rights for the user, such as data portability rights and rights to be forgotten. These provisions would give users more mastery over their personal data, especially on Instagram, where data collection is extensive.

Moreover, the exemptions by the government under the guise of national security must be limited with proper checks and balances to prevent any abuse.

Regulating social media platforms is another crucial step in safeguarding privacy. Platforms like Instagram must be mandated to disclose how their algorithms collect, process, and prioritize user data. Transparency about data-sharing practices with third parties, especially advertisers, is essential to prevent exploitation and unauthorized use of personal information. This can be achieved through laws that enforce accountability and impose significant penalties for violations.

Protection for children and other vulnerable groups would be equally protected under a privacy-centric legal framework. Therefore, laws should incorporate provisions that prohibit a business from collecting personally identifiable information from minors without first obtaining parental consent for the same. All data related to children should be dealt with the best possible standards of security. Vulnerable communities, subject to profiling and discrimination in the society, should find adequate special protections from misusing their personal information.

Reforms should also incorporate the basic design of digital platforms. The enforcement of privacy-sensitive design principles would guarantee that user data is protected at all stages of a product's lifecycle. Features like easy-to-understand privacy settings, anonymization of data, and minimal data collection by default can significantly enhance user privacy. Social media firms should be compelled to adopt such mechanisms as part of their normal operations.

Severe punitive measures and regulating instruments would discourage privacy violations. An independent data protection agency with capability to protect, audit, investigate, and punish would establish strong accountability. The current lack of effective enforcement mechanism undermines the laws in place, as companies are able to bypass or delay compliance.

Regulating surveillance activities is another essential area of reform. Laws must limit the capability of the government to pursue access and monitor user data by mandating judicial oversight for all requests to conduct surveillance. Such a move would improve accountability and protect citizens against invasive practices that violate their right to privacy.

A central place that needs to be granted to awareness and education in reforms concerning privacy, as many users in India, especially those from rural or less digitally literate backgrounds, are not aware of their privacy rights and the implications of data sharing. National campaigning in schools and other community outreach initiatives help a great percentage of users make informed decisions about their data.

Conclusion:
The right to privacy in the age of social media presents a dual-edged challenge, especially on platforms like Instagram that thrive on user-generated content and personal data. While India's evolving legal landscape, marked by developments like the Digital Personal Data Protection Act, 2023, and the Bharatiya Nyaya Sanhita, 2023, reflects an intent to modernize privacy protections, gaps persist in effectively addressing the nuances of digital ecosystems.

Critically, existing frameworks often struggle to reconcile the speed of technological advancements with legislative inertia. For instance, while the judiciary has affirmed privacy as a fundamental right, enforcement mechanisms lack the agility required to address cross-border data flows, algorithmic biases, and the pervasive monetization of personal information. Moreover, provisions for redressal, such as intermediary guidelines, though well-intentioned, may inadvertently lead to overreach, threatening freedoms like expression and dissent.

On the other hand, social media platforms, despite implementing privacy-enhancing tools, continue to prioritize profit over protection, evident from recurring data breaches and opaque algorithms. This dynamic underscores the inadequacy of mere legal safeguards without systemic reforms in corporate accountability

A critical path forward must emphasize harmonizing individual rights with technological innovation. This includes stricter implementation of laws, public education on digital rights, and fostering global cooperation to regulate transnational platforms. Without this balance, privacy risks being relegated to an aspirational ideal, overshadowed by the commercial imperatives of the digital economy.

References:

• The Constitution of India
• The Information Technology Act, 2002
• Puttaswamy v. Union of India (2017), 10 SCC 1. https://main.sci.gov.in/
• Privacy, Social Media, and Legal Developments in India. https://www.livelaw.in/
• Bharatiya Nyaya Sanhita (BNS) 2023: Key Reforms in the IPC. https://pib.gov.in/
• Digital Personal Data Protection Act, 2023 https://www.meity.gov.in/
• Impact of Data Protection Laws on Social Media. Available at: https://economictimes.indiatimes.com/
• Understanding the Role of Social Media in the Privacy Infringement Debate", S. Gupta, Journal of Digital Law, 2022
• "Social Media and Data Privacy: A Critical Review of Instagram's Policies", A. Sharma, Indian Journal of Cyber Law, 2023
• Understanding Privacy Infringement and Social Media: Implications of Data Protection Laws", L. Kumar, Digital Privacy and Security Journal, 2022
• https://enhelion.com/blogs/2022/03/11/right-to-privacy-and-its-significance-in-social-media/

Written By: Kanishka Patel, Student of 4th year B.A L.L.B at University College of Law, Mohanlal Sukhadiya University, Udaipur