Image Source:

This article is written by Atchaya J, pursuing a Diploma in Advanced Contract Drafting, Negotiation, and Dispute Resolution from Lawsikho.


“I Agree” – is the most familiar internet term across all users no matter which corner of the world they live in. “I Agree” is the option that a user exercises agreeing to the terms of a site or app or any service in order to access the same. It sounds way simple to be actually way more complicated in real life.

To begin with, the following series of events happen when you click this button:

Download Now
  1. The search engine or social networking service mine the information given by you (the user) and then sell it to external developers and marketers.
  2. As soon as the information is sent to private third parties, your information is stored in remote network servers.
  3. At this point, you may close the site, or window, or computer and burn it away but the information has gone beyond your control or even the website’s control.

In short, a user does not pay money to use the social networking sites or search engines, rather it compensates with its private information to access the service. The same goes for every public and private account on social media platforms.

Terms of use policy of popular websites

Before we critically analyse the terms that we agree to let us take a look at the actual terms of some of the most popular service’s Terms of Use Policy:

  1. Google’s Terms of Service: “Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”
  2. Amazon’s Privacy Notice: “Like many Web sites, we use “cookies,” and we obtain certain types of information when your Web browser accesses or advertisements and other content served by or on behalf of on other Web sites.”
  3. Facebook’s Terms of Service: “You give us permission to use your name and profile picture and information about actions you have taken on Facebook next to or in connection with ads, offers, and other sponsored content that we display across our Products, without any compensation to you.”
  4. Apple’s Privacy Policy: “Apple and our partners and licensees, such as maps data providers, may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device.”

Birth of terms of use agreement

Right where it began, everything went wrong. The Internet market was young in the late 1990s and regulators simply went ahead with a system of “notice and choice” to protect user’s data. It means as a user you shall be notified of a company’s data practices and given the choice to proceed with it to access the service. That will act as your consent and privacy is deemed to be legally in your control.

When in the actual scenario, the company gets legal protection automatically as the consent of the user is obtained at free will. It fails to recognise that the user does not get the option to exercise its control over its data, it only gets the control over accepting or rejecting the user agreement. Thus, the user is bound to agree to the terms to access the service, as rejecting simply means that access to the service is entirely denied. This again contradicts the “free will of consenting” aspect of the user agreement.

Enforceability of paper and electronic standard form

Standard form contract is also referred to as a contract of adhesion, take-it or leave-it contract or a boilerplate contract which is a contract between two parties, where the terms and conditions are set by one party which are either mutually beneficial or exploitative. These terms of use agreements take the form of browsewrap or clickwrap or web wrap agreements in the online space. They are available on the take-it or leave-it basis as discussed above, aligning with the nature of standard contract of adhesion. A standard form of contract is just a structure of myriad terms, devised and proposed by the party with higher bargaining power. These are carried out on a regular basis fuelled by the exponentially growing e-commerce market. This take-it or leave-it model of agreement makes consumer acceptance inevitable and consumer engagement is high. But unlike normal standard contracts where the principal responsibility of the consumer is payment, the terms of use policy get consumer data as consideration. Consumers by and large agree to the terms without even reading it given the fact they lack any bargaining power and the understanding of the legal terms.

Despite all challenges which lie therein, as long as the users are provided with adequate opportunity to review the terms and have control over their consent, these electronically-made agreements create enforceable contracts. As far as standard form is considered, there is no separate legislation dealing or regulating the same. It is governed under the provisions of the Indian Contract Act, 1872 and the Indian Technology Act, 2000.

Enforcement of privacy through privacy policies

The modern internet market entirely differs from its nascent stage. The entire system is now based on data-oriented advertising. These user agreements, terms of user agreement, data policy, privacy policy etc., very conveniently transfer the risk of data processing to the users. But how are these complex documents of any benefit to a humble user? These are designed for regulators, lawyers, journalists, investors and the industry.

The control narrative is just a mechanism to convince the user of authority. Throughout the world, various methods have been adopted and strategies have been formulated to engineer your consent; extensive marketing, lucrative privacy settings, notification asking permission for every access and many more. At the end of the day, the user gives in for everything, to simply access the service easily without continuous nudging.

Ultimately the companies benefit from this notion of control, as they get to keep their data engine humming by leveraging this illusion of agency via terms and settings.

Following is the testimony of Mark Zuckerberg from the Cambridge Analytica hearing:

“The first line of our Terms of Service say that you control and own the information and content that you put on Facebook…you own [your data] in the sense that you chose to put it there, you could take it down anytime, and you completely control the terms under which it’s used.”

And this is how users are made into data spigots by these data-based companies under illusion by conceptualizing privacy in terms of control.

Are legal mechanisms effective in protecting privacy?

Not only contractual compliances or legal doctrines but also private and common law tort principles and private statutes may enable the users to challenge the enforceability of these agreements. Arguably, challenging the lack of assent or unconscionability could be the best approach in this regard. Proving it would require proving both procedural and substantive unconscionability before the court. The adhesive nature of the agreement, take-it-or-leave-it basis, and the bargaining position of the party are considerations providing strong arguments in favour of procedural unconscionability. As far as substantive unconscionability is concerned, the costs that an unfair contract imposes on a user is derived from the exploitation of private information which is relatively greater than what would have been derived from a regular clickwrap agreement. Thereby giving some room to the consumers to take legal discourse.

Case study on WhatsApp privacy policy

When WhatsApp rolled out its updated Privacy Policy and Terms of Service Agreement, it caused an uproar among the general public and legal fraternity. Users were mandatorily made to accept the terms and agree to them in order to retain their WhatsApp accounts.

The primary aim of the 2021 update is to achieve two goals: Make how WhatsApp collects, uses and shares data transparently and inform users about optional business messaging features. The acceptance of the 2021 update honours the 2016 opt-out feature (which allowed users to opt-out of sharing their WhatsApp account information with Facebook Companies for ads and product experience purposes).

WhatsApp submitted that the privacy of personal messaging is integral to the growth and vision of WhatsApp. 2021 Update does not expand WhatsApp’s ability to share data with Facebook or third parties. Thus, it concluded that no concerns from a competition perspective are raised either.

On the other hand, observations made by the Commission were contrary to WhatsApp’s submissions:

  1. It was observed that policy envisaged the collection of personal data to be shared with Facebook and third-party companies.
  2. The 2021 update creates no carve-out for users who chose not to share their data with Facebook regarding the 2016 update.
  3. WhatsApp enjoys a pedestal market position and market power, thereby attracting a detailed investigation and scrutiny in the light of their terms and conduct.
  4. Ambiguity in terms of usage of historical data of users and sharing data of users who only use WhatsApp and not related apps such as Facebook, Instagram etc.
  5. Control over cross-product processing of data is not by voluntary consent but as a precondition for availing of WhatsApp’s services. (Developing on the control over privacy narrative).
  6. Violating provisions of Section 4 of the Competition Act, 2002, the questionable data-sharing model leads to degradation of non-price parameters of competition and undermines the competitive process.


This article has identified how terms of use agreements are enforced despite weakened consumer bargaining power. Primarily due to reputational immunity and asymmetric information in the niche market, the lack of protection to consumer’s privacy goes unseen. At this point, with such a huge booming population’s ease of access to the internet and social media, the intervention of the government is absolutely necessary. We need a solid regulatory framework with consequences rather than depending merely on policy. The risk averted directly on the consumers must be removed and companies should be held accountable and punished when not aligned with the privacy needs of the users. 

Consumers should have full control over the usage of their data instead of garb in the name of Privacy Policy or Terms of Use Policy. There should be a system in place providing the user to opt for payment of cash or allow usage of their private information to avail the service interested in. Hiding behind the legalese of agreements by the companies will not sustain in the long run. The sooner a robust system is established for users the better it is.

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here