Online Privacy in Relation to E-Contracts

Estimated Reading Time: 11 minutes

Online privacy is linked with the E-Contracts. In the contemporary world each and every transition over internet is governed in the form of E-Contract. E-Contracts don’t have recognition under Indian Contract Act 1872, but internationally these have been recognized for the first time under Article 13 of the UN convention on contracts for International sale of goods (1980) (CISG) which mentions that ‘writing’ includes writing on telegram also.[1] Even after the international recognition by CISG, the legal enforceability of E-Contracts was in question. Therefore United Nations commissions on international trade law (UNCITRAL) adopted a model law in its Article 16 and legality of an online electronic contract has been recognized.[2] It also adopted under Article 7 that for electronic commerce in which even electronic signatures are validly recognized as acceptance to an offer. After that European Commission also adopted E-Commerce directives to legally adopt electronic commerce in the EU market.

After the worldwide recognition of E-Contracts, India also legalized the validity of E-Contracts under Section 10-A of the Information Technology Act, 2000 and Section 65 of Indian Evidence Act, 1872.  Section 10-A of the IT Act explicitly tells that ‘a contract could be validly formed by using electronic medium of forming the contract.[3]’ Also Section 65 of the Indian Evidence Act exhibits that ‘court should recognize the electronic documents produced for the contracts formation.[4]

E-Contracts also include communication, offer and unconditional acceptance, lawful purpose, lawful consideration, competent parties and free consent, which are pre-requisites of a non E-Contract mentioned under Indian Contract Act, 1872.[5] Also E-Contracts could be formed using e-mail, fax and internet. Each and every act performed on the internet, from trading in shares and debentures to accepting the terms and conditions of an online application, all are considered as E-Contracts. But, the major problem with E-Contracts is the privacy issue. There are lots of privacy problems in E-Contracts because the premise of these contracts is bases on Adhesion. Adhesion Contracts are leave it or take it contracts. These are the standard form of agreements where one party doesn’t have any means to negotiate over the terms and conditions of the contract. The absurdity of adhesion contracts is that for such a leave it or take it contracts, how far we can say that my assent is with you?

There are basically three types of E-Contracts are there, and we can understand that how these E-Contracts are Adhesion Contracts where the user has a zero negotiating or bargaining power and is bound to accept the terms and conditions while opening any app, even if those terms and conditions are arbitrary in nature. The three types of E-Contracts are[6]:

  • BROWSE-WRAP AGREEMENTS: In these form of agreements, there is a hyperlink at the bottom of the website in which the various terms and conditions of using website or any downloadable app is provided. The moment we click (www……….) or the moment we click the download button, it is automatically meant that we are bound by the terms and conditions of the application. This usually happens with all of us when we download any application from play store by clicking download button. In the landmark case related to browse-wrap agreements of Specht v. Netscape, the court held that “a consumer’s clicking on a download button doesn’t communicate assent to contractual terms if the offer didn’t make clear to the consumer that clicking on download button would signify assent to those terms”[7].
  • CLICK-WRAP AGREEMENTS: These contracts came as a consequence of browse-wrap agreements. Whenever we install and open any social media app like Facebook, Instagram, Netflix, Whatsapp and Twitter every time we have to click ‘I Agree’ button displayed on the screen to open the app, certain terms and conditions were written in that ‘I Agree’ button either we could agree with it or we could deny it.
  • SHRINK-WRAP AGREEMENTS: These are software agreements. In such agreements there is a box and the moment we open the box it is meant that we are bound by the terms and conditions of the contract. The validity of Shrink-Wrap agreements is questionable. In the landmark case of Pro CD v. Mathew Zeidenberg, Mathew purchased a CD-ROM which is a compilation of a telephone directory. On the outside surface of the packet, a notice was written which restricted the use of database for non-commercial purpose.[8] Mathew sold that CD-ROM for the commercial purpose. The court held that he was not liable because information about terms and conditions are inside the box and hence the validity of the shrink-wrap agreements is questionable.
Also Read  Legal Effect Of Share Certificate

All the above three forms of E-Contracts are more or less Adhesion Contracts where we as a party, has a very low remedy to bargain over the terms and conditions of the contracts.  We could understand that if such contracts are Adhesion Contracts, then the superior bargaining position party (which are apps like Instagram and Whatsapp here) could easily put any unreasonable terms and conditions and could easily get the assent of the users. Over the period of time it was realized that these apps often put such unreasonable terms and conditions which include sharing of data with any other online applications or research organizations, which is primarily a matter of one’s privacy.

One such incident came out in 2018 where Cambridge Analytica, a British political consulting firm was exposed by a sting operation. This firm has steeled private data of around 50 million users of Facebook. The more shocking news was that only 50000-70000 people data has been steeled which lead to the numbers up to 50 million. The Cambridge Analytica extracted data of people from the friend lists of users of Facebook and used it to create psychometric profiles to be used by personalized political apps, adds, campaigns and results. It also used sexual scandals, fake news and dirty tricks to swing elections throughout the world. Mark Zuckerberg publicly apologized for this, but the fact is that social media giant Facebook was aware about data being stolen from its platform because it had received number of warnings about its data security policies and particularly about Cambridge Analytica data breach since 2015. But, then also Facebook didn’t take any preventive steps to curb these.[9]  

Instagram has three arbitrary terms and conditions which violates the privacy of the users. These three conditions are:[10]

  • Class action suit can’t be filed against Instagram. It means a suit can’t be filled against Instagram collectively.
  • Instagram has the sole copyright over the photos and content on its platform. It means prima facie account is of user but copyright over the account is of Instagram.
  • Instagram has the right to disclose personal information of the users to 3rd parties.

Netflix also has two arbitrary and unreasonable policies which violates the privacy of the users.[11]

  • Netflix can change its terms and conditions any time without informing its users. Its means it can disclose the private data of users even without informing them.
  • Also Netflix can disclose personal information to 3rd parties without permission of the users.

Due to such arbitrariness of these contracts, some people often term them as Unconscionable Contracts. These are the contracts that don’t adhere to the principles of goodness, justice, equity and fairness. These contracts are void ab initio. Adhesion Contracts and Unconscionable Contracts are based on the principle of Contra Proferentem. Contra proferentem is a Latin term which means against the person who is making the offer. It provides that the person who is in the superior bargaining position, the onus is on him to prove that he didn’t put such arbitrary and unconscionable terms and conditions in the contract by taking advantage of his superior position. This principle is used by judges in the court of law.

Also Read  One Person Company under the Company Law

As the transition, commerce and indulgence of people on online platforms had been gradually increased over the years, government also has framed legislations to protect the privacy of the users where they are at the lower bargaining position while contracting electronically. Remedy under Indian Contract Act, 1872 could be found under Section 16 which renders contract voidable if the consent is vitiated by ‘Undue Influence’ by the party at the superior position. Also, if privacy is considered as a vital part of Public Policy and the contract is seemed unconscionable prima facie, then contract could also be rendered void under Section 23 of the Indian Contract Act. The validity of such contracts could be challenged under Section 10-A of the Information Technology Act and Section 65 of Indian Evidence Act.

There is a serious need to protect the privacy of users from the arbitrariness of online applications as we have seen in Cambridge Analytica case. These companies have been reluctantly compromising with the privacy of their users since their inception, but they should understand that privacy is a very sensitive issue which could create a lot of problems if exposed or shared through every means. Also Right to Privacy is a fundamental Right enshrined in Article 21 of the Constitution of India which cannot be waived away by any means. In the landmark judgment of R. Rajagopal v. Union of India (1994), the Hon’ble Apex court held that“the right to Privacy is covered under the ambit of Right to personal liberty guaranteed under constitution of India. It further recognized that the right to privacy can be both an actionable claim and also a fundamental right.”[12] I think it is indeed a necessity to tackle the issue of Privacy, because huge giants and online app companies can do anything with the secret data of the users for the sake of money or political advantage. Government could act as a regulator in this regard and could make much more stringent laws for the protection of Privacy of the users.

[1] United Nations Convention of Contracts for International Sale of Goods, 52 U.S.C §  6262, 6264-6280 (1980).

[2] United Nations commission of International trade law, UN Doc A/31/98, 31st Session Supp No 17.

[3] Information Technology Act, 2000.

[4] Indian Evidence Act, 1872.

[5] Indian Contract Act, 1872.

[6] Georgina Pereira, E-Commerce and E-Contracts: Overview And Analysis (March 19, 2020),

[7] Specht v Netscape, 22 III.306 F.3d 17, 11 ILRD 832, 2002 ILRC 2017 (2d Cir. 2002).

[8] Pro CD v. Mathew Zeidenberg, 86 F.3d 1447, 39 U.S.P.Q.2d 1161, 1 ILDR 634 (7th Cir. 1996).

[9] Nicholas Confessore, Cambridge Analytica and Facebook: The Scandal and the Fallout So Far, The Newyork Times (April 4, 2018)

[10] Privacy Systems & Information, Instagram Help Centre

[11] Privacy and Security Help Page, Netflix Help Centre

[12] R.Rajagopal v. Union of India 1995 AIR 264, 1994 SCC (6) 632.