
Legal Issue in Privacy Policy & Terms of Use that Every Web/App Developer Should Know

By Arunesh Bhardwaj July 29, 2016


In the age of the internet and smartphones, every facility is just a click away on an app. You need a cab; it is just a click away. You are hungry and need food; the food is just a click away.

An application or app is a medium that helps in providing different facilities to its user, and nowadays there is an application for almost everything. A developer develops an application which, on the basis of the information collected from the user, gives the requisite information that is sought by the user. So, in the process of providing information to the user, the app also collects information about the user.

As per section 2(1)(v) of the Information Technology Act, 2000, information includes data, and data means a representation of information, knowledge, facts. So, anything about the user that an application needs is information, and without this information the application won’t be able to provide service to the user. Now, in accordance with the legal provisions, there are 5 things that a developer must keep in mind while developing an app:


  1. Privacy policy must be clearly disclosed and mentioned.

Information that pertains to an individual and which is not available in the public domain is private information. By sharing private information, the information provider or the user discloses certain facts that, if shared, will be a breach of his privacy. The developer, by way of the privacy policy, states and discloses the method in which this information will be used.

Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (hereinafter IT Rules, 2011) says that if a body corporate, or any person who on behalf of a body corporate, collects, receives, possesses, or stores information of any user, the body corporate will have to provide a privacy policy which discloses the handling of this information. Further, the body corporate will have to ensure that the information so collected is available for view by the information provider.

The body corporate will have to ensure that the privacy policy so disclosed must include the following:

  1. Clear and easily accessible statement of its practice and policies
  2. Type of information that will be collected
  3. Purpose of collection and its usage
  4. Security Practices and Procedures.


  2. The consent of the user must be there

The information about an individual comprises the privacy of the person, and this information can be taken only with the prior consent of the person. If we take information about the user without the user’s consent, it will be considered a breach of privacy. To ensure that the user’s right to privacy is not breached, the consent of the user needs to be taken.

Sub-Rule 1 of Rule 5 of IT Rules, 2011 clearly mentions that a written consent of the information provider needs to be taken before collecting the information, and this consent can be given through letter or fax or an email.


  3. The user must have knowledge that the information is being collected.

One can’t collect any information (which is not in the public domain) about an individual without his knowledge. The person must be aware of the details and of the fact that information about him is being collected. Apart from the knowledge that information is being collected, the user must have detailed information about why the information is being collected and to whom this information will be provided.

Sub-Rule 4 of Rule 5 of IT Rules, 2011 directs the person or the body corporate collecting the information to ensure that, while collecting the information, the information provider has the knowledge that the information is being collected. Apart from the above, the person collecting information will also have to ensure that the information provider has knowledge of:

  1. The purpose for which the information is being collected.
  2. The intended recipients of the information.
  3. The detail of the agency collecting and retaining the information.


  4. The user must be provided with an option to not provide information

The main issue that needs to be taken care of while collecting any information is the privacy of the user. The person or the body collecting the information has to ensure that the privacy of the user is not breached.

As per Sub-Rule 7 of Rule 5 of IT Rules, 2011, the person or body collecting the information will have to provide the information provider with an option by way of which the information provider can opt to not provide the information that is being sought by the corporate body or any person. Also, the information provider must be provided with an option by way of which, at any time while availing the service of the body corporate, he can withdraw his consent given to the body corporate earlier.


  5. The information so collected must be disclosed only with the permission of the user.

As per Sub-Rule 1 of Rule 6 of IT Rules, 2011, the information provided by the user can’t be shared with any third party without the consent of the user. This consent can be taken in any of the following ways:

  1. The permission to share the information with any third party can be mentioned in the contract signed between the user and the body corporate.
  2. The permission to share any information with any third party can be taken before doing so.

If the disclosure of such information is necessary for complying with any legal provision, then the consent of the user is not required. Also, the consent of the user will not be required where the information has to be mandatorily shared with any government agencies.



The most important thing that a web developer needs to take care of is that, while using the app, the privacy of the user is not violated in any way. The above-mentioned points are in a way a checklist which will help the developer to ensure that the privacy of the user is not being breached in any way. The checklist is not an exhaustive list, but these are the important points that need to be taken care of.

