Legislative Regulations Of Online Dating In India
Online dating is growing rapidly in modern times. Uncertain factors like the COVID-19 pandemic coupled with unfortunate turbulence harm relationships. In contemporary times dating applications and websites are widely used in search of a romantic partner. In an article published in The Times of India, it was stated that the second wave of the COVID-19 pandemic in India saw a 20-25% rise in the usage of dating sites and apps.
With the rise in the use of dating apps, cyber crime rates are also increasing. To reduce online crime rates and make online dating safe for people government has imposed regulations for dating sites and apps to adhere to.
To create a profile on a dating app you are required to fill in basic information like your name, age, location, and photos. This personal data is to increase the traction on a profile and to get higher visibility. This may seem hurtless but amounts to implicit consent being granted to the dating application to collect data. This data collection is not done for safekeeping proposes but has notably been shared with other third-party apps. Also, there is no information available on how long the companies keep an individual’s data even after a user’s account is deleted or deactivated which is a flagrant violation of one’s fundamental right to be forgotten.
In November 2020, the vulnerabilities in the security mechanism employed by Bumble were exposed to external factors and made the location and other personal details of users including photos collected by the app over six months, public. This was a wake-up call, not just just for Bumble but for all apps to upgrade their encryption scheme. The lack of end-to-end encryption on popular dating apps and websites is a double-edged sword, the half-hearted measures were insufficient as data like photos and dating preferences can still be accessed by an attacker. This information can be misused by attackers and the companies to whom we provide our data.
Law governing dating apps
The dating apps have a vigorous private policy and redressal mechanism to resolve users’ problems. An individual can report a fake profile, content being offensive, etc. using the in-built features of the application. The apps have introduced many features to confirm the user’s identity. But, this verification process is not foolproof. In times when there are big violations that require intervention by law enforcement authorities.
Following are the provisions applicable in the Indian context:
The Constitution of India
In its landmark decision of Retd. JusticeJustice KS Puttaswamy vs Union of India, the supreme court of India read the ‘right to privacy as a part of the wide array of constitutionally guaranteed fundamental rights under Article 21. The right to privacy under Article 21 of the Constitution includes the ‘right to be forgotten, as was opined by Justice SK Kaul in the aforementioned judgment.
The Indian Penal Code, 1860
In Shreya Singhal vs Union of India, the reading down of Section 66A of the Information Technology Act, 2000 doesn’t absolve a person from sharing offensive or unwarranted content online. The provisions of the Indian Penal Code 1860 would apply to the content shared across these applications.
Section 354 of the Indian Penal Code is an umbrella provision concerning the assault of criminal force on a woman with Sexual Harassment with imprisonment that can be extended to 3 years, monetary fine, or both, Voyeurism with imprisonment of between 3-7 years or a monetary fine and Stalking with 3 years of imprisonment or fine for the first conviction and 5 years of imprisonment and fine for a second conviction.
Section 509 further penalizes words, gestures, or acts intended to insult the modesty of a woman with imprisonment that may extend to 3 years.
Section 383 read with 384 prescribes imprisonment which may extend to 3 years for extortion. Section 416 read with 419 punishes cheating by personation with the same period of imprisonment. Defamation, however under Section 499 read with 500, is punishable by imprisonment which may extend to 2 years. The same punishment is prescribed for criminal intimation by an anonymous source under Section 507 of the IPC.
3. The Information Technology Act, 2000
Dating sites and apps fall under the ambit of the Information Technology Act. Because these apps can only be used by adults, the provisions relating to minors shall not be discussed.
Computer-related offenses are concerned under Section 66 of the IT Act. Imprisonment or a fine of 1 lakh INR can be imposed under Section 66D for fraud using a communication device or computer.
A fine of up to 2 lakh or imprisonment can be imposed under Section 66E for non-consensual capturing, sharing, or transmitting photos of one’s bodily private parts.
Both Sections 66D and 66E attract imprisonment that may extend up to 3 years.
Section 67 of the IT Act states that the publishing or sharing of obscene material in electronic form would be punishable in both first convictions with imprisonment for 3 years and a monetary fine of 5 lakh INR as well as in the second conviction with imprisonment for 5 years and a monetary fine of 10 lakh INR.
Section 67A follows a similar mode of punishment for the publishing or sharing of sexually explicit content in electronic form, with a monetary fine of 10 lakh INR and an imprisonment of 5 years oonn the first conviction and 7 years on the second conviction.
4. Personal Data Protection Bill, 2019
Dating apps have been consenting to the provisions of the General Data Protection Regulation (GDPR)- the European Union’s data protection legislation since 2018. The legislation was made to ensure that one’s data is neither collected nor utilized without the user’s consent. But this compliance seems a mere formality, as Tinder and Grindr were subject to a probe for non-compliance with the GDPR in 2020.
However, at the moment India doesn’t have official legislation governing the usage of personal data. The closest thing India has to the GDPR is the Personal Data Protection Bill 2019 (PDP Bill). Chapter II under PDP Bill imposes certain obligations upon a data fiduciary, the most notable are limitations placed under Clauses 5 and 6 on the purpose of processing and collection of personal data, respectively. Clause 9 imposes a restriction on the retention of personal data, and Clause 11 mandates the consent of a data principal before processing the personal data.
Chapter V of the PDP Bill grants rights to persons whose data is collected, such as the right to be forgotten and the right to correction and erasure of data. The mandatory data localization requirements under Chapter VII of the PDP Bill are a saving grace, as the personal data collected cannot be transferred outside Indian territory. However, this discussion remains purely academic till the time it gains legislative status as the PDP Bill is not a law yet.
5. ‘Significant’ Other- IT Intermediary Guidelines, 2021
In February 2021, the Ministry of Electronics and Information Technology notified the Information Technology Rules 2021 (Intermediary Guidelines and Digital Media Ethics Code). This regulation guides intermediaries and prescribes their functioning mechanism.
Rule 2(w) of the IT Rules 2021 state a ‘social media intermediary’ as one that primarily or solely allows online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services, whereas Rule 2(v) of the same declare a ‘significant social media intermediary’ to be a social media intermediary where the registered users in India exceed the threshold determined by the Central Government.
Rule 3 of the IT Rules addresses concerns that a dating app user could come across, such as the mandate of storing data for 180 days after the account is deleted or deactivated. However, Rule 3 doesn’t say anything about the anomaly of a user merely deleting the application but the user account.
Intermediaries like Whatsapp sought judicial intervention before Delhi high court after the intimation of the IT Rules 2021. The written petition was filed on the ground– the IT Rules 2021 have the potential to breach the end-to-end encryption offered by these services.
Conclusion
How does a person ensure easy, effective provision of a service on a technological development without violating one’s rights? The obvious choices before a company are higher penalties, a more user-friendly privacy policy, and a ban on intentional mismanagement of data, but, surprisingly, they are not implemented. In such circumstances, a reading of the IT Rules with the PDP Bill would be necessary to create an equitable Indian version of the GDPR.
It must be ensured that the faith a user puts into the hands of a company, to seek love and connection, should not be exploited. The pre-emptive measures can only be applied after the enactment of the PDP Bill as an act.
The IT Rules offer respite to the extent that they don’t violate a user’s fundamental right to privacy. It is imperative to make sure proper compliance with what we have to help people find their one true love virtually.
References:
https://tclf.in/2021/11/29/not-ok-cupid-law-governing-dating-apps-in-india/
https://assets.publishing.service.gov.uk/media/5b114a8040f0b634abe911e7/compliance_statement.pdf