“When an online service is free, you’re not the customer. You’re the product” -Tim Cook "I think it's important that we don't all get Stockholm Syndrome and let the companies that work hard to charge you more convince you that they actually care more about you" -Mark Zuckerberg The fight between Apple and Facebook is like a pot calling the kettle black. In the wake of the pending user privacy changes in iOS 14 wherein the user needs to consent vide a pop-up to allow applications to track their data, furious Facebook has apparently decided to file an anti-trust lawsuit against Apple. Not only that, Facebook has also started a new advertisement campaign called “Good Ideas Deserve to be Found” as a defense to them shoving advertisements down their users’ throats. As per Facebook, the benefactor is not just the user, but also the small businesses who cannot always pay for expensive advertising. Facebook also plans to execute a pop-up that will be launch on user’s screen before Apple’s pop-up requesting the user to allow it to use its data. However, Apple does not seem to back down and seems to be in the mood to take Facebook head-on. Apple is also said to be trying to build its own search engine to replace Google, however that may take a very long time. Apple's hypocrisy of being concerned about users’ privacy is well known. The awaited user-friendly pop-up is definitely a fresh change and a first step to prove that Apple can walk the talk. But do only users of expensive Apple products deserve to have their data protected? How can we as users of internet unitedly ensure that our data is protected? Can we be the owners of our data?

WHAT CAN A STATE DO TO PROTECT ITS CITIZENS’ RIGHT TO PRIVACY?

Privacy in digital age does not concern publication in newspapers but collection, use and disclosure of personal information by known and unknown government entities. This Personal information now drives the economy and is more often than not used to influence policy, elections, identities and even our moods (Footnote 1). Therefore, it is very important how the legislation on data privacy is drafted. While drafting its data privacy legislation, States must ensure inculcating certain principles in its legislation so that its citizens’ privacy is protected by tech giants like Facebook, Google and others alike. These principles are:

RIGHT TO BE FORGOTTEN

Right to be forgotten is a law in the European Union and it is codified in General Data Protection Regulation (GDPR) which was entered into effect in May 2018. As per Article 17 (Footnote 2) of GDPR a data subject has the right to erasure (‘right to be forgotten’) whereby a ‘data subject’ will have a “right” to ask the controller of its data to erase it from the internet history based on certain grounds. Additionally, it is not a superficial right, it has acquired a status of deemed fundamental right and is deemed to be an integral part of the fundamental right of privacy (Footnote 3) . This right has been largely discussed with respect to deletion of data regarding past misdemeanors for which one has already suffered punishment and a reminder on the internet is a form of double jeopardy. This right can be used on a day to day basis to ensure your data is protected. However, extending the right to be forgotten globally is said to threaten free speech, burdens private companies, intrudes on sovereignty, and is fraught with looming risks. Not incidentally, it would also do next to nothing to advance its stated goals (Footnote 4) . Additionally, right to be forgotten is inconsistent with fundamental US values i.e freedom of expression and of the press (footnote 5) and US has traditionally emphasized freedom of expression over privacy as a fundamental value. A representative of Facebook, for example, suggested that the EU approach was to "shoot the messenger," in that the "source of the content" rather than the "places where the content is shared," should be the focus of any efforts to promote privacy controls (footnote 6).' The SCOTUS has time and again held that newsworthy, true stories are protected by freedom of press even if they cause embarrassment or harm or the subjects of the stories (footnote 7). However, Courts have rejected claims that other kind of privacy violate the First Amendment like trespass, eavesdropping, wire tapping, stalking, industrial espionage nor do professional duties of confidentiality like the attorney-client privilege or contractual agreements not to disclose information receive special First Amendment protection (Footnote 8). The other argument that data is speech and must be protected under First Amendment is irrational. Just because something is speech does not mean it cannot be regulated. Equal Protection Clause of the Fourteenth Amendment faces the same issue. A superficial reading of the clause may mean government cannot treat people differently other they are denied “equal protections of the laws”, however the government treats citizens differently all the time, on the basis of age, on the basis of wealth, education, criminal activity etc. As long is it is rationale, it is constitutional. Therefore, same goes with speech, it is everywhere and gets regulated all the time. First Amendment does not provide absolute protection for all uses of works, let alone for automated and mechanized data flows or sale of information as commodity. Therefore even though opinion about right to be forgotten is largely divided amongst various jurisdictions, depending upon the core values of a State, right to be forgotten may be adopted in a lighter/milder form so that it can pass off as constitutional.

Transparency

People must know the types of data is being collected by any website or other electronic means, how it is being used and if it is being shared with third parties. Third parties also must readily provide this data to people. Additionally, how the data is being collected and what mechanisms are being used for tracking user activity or data.

Users must be able to control their data There must be a mechanism by which users can communicated that they donot what their data to be tracked. And if a user opts for this, it must be respected. Users must explicitly opt-in to each specific data component to be retained in this situation. This requirement extends to all “partner” third party sites, cloud services, and collection devices. Additionally, just because a user consents to collect its data doesnot mean the website can collect and store the data of user’s family and friends.

USERS MUST BE NOTIFIED

Incase the user’s data is being stored or collected or being misused or is lost, it must be promptly informed to the user. Users must be made aware of the sources of violations and the responsible parties who violate their privacy.

CONCLUSION Constitutional challenges may be faced in order to legislate for privacy of data. However, in a democratic society in a time of technological advancement and changes every singled day, a few policy mistakes may be allowed. What is most important is that rights to make data mortal does not in principle threaten free public debate or democratic self- government. Therefore, due consideration must be given to freedom of speech and press while legislating data privacy but not so much so that one takes priority over another.

1. https://heinonline.org/HOL/LandingPage?handle=hein.journals/wmlr56&div=40&id=&page=

2. Article 17. 1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a.the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b.the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; c.the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); d.the personal data have been unlawfully processed; e.the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; f.the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). 2.Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replic_ation of, those personal data. 3.Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: a.for exercising the right of freedom of expression and information; b.for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; c.for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3); e.for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or d.for the establishment, exercise or defence of legal claims.

3. Article 8, Preamble of the Unified Treaties of the European Union.

4. https://www.scmp.com/yp/discover/your-voice/opinion/article/3056962/dangers-and-problem-right-be-forgotten-internet

5. https://www.psfk.com/2011/05/the-right-to-be-forgotten-questioning-the-nature-of-online-privacy.html

6. https://www.theregister.com/2011/03/23/facebook_shoot_messenger/

7. The Florida Star v. B.J.F., 491 U.S. 524, 532 (1989) ("[l]f a newspaper lawfully obtains truthful information about a matter of public significance then state officials may not constitutionally punish publication of the information, absent a need to further a state interest of the highest order.")

8. https://heinonline.org/HOL/LandingPage?handle=hein.journals/uclalr52&div=30&id=&page=