Survey Questionnaire for "A Study of Privacy Attitude of Users of Social Networking Sites and their Expectations from Law in India" Researcher: Sandeep Mittal, I.P.S.,
Request your help in filling this research questionnaire by Sandeep Mittal, IPS. It takes about 20 minutes of your valuable time. The ownership, storage, processing, transfer, export and sale data belonging to individuals and need to be regulated with a view to protect the privacy rights of the individual. This research intends to analyse the attitudes of users of Social Networking Sites in India and their expectations from Law in addressing the data privacy issues in the cyberspace. You are requested to read the questionnaire and answer according to your understanding and relevance. The collected data will be analysed using statistical tool like SPSS etc. to have the better understanding of the user’s perception and requirement of a data privacy policy for India. The results would be published in a Thesis and peer reviewed journals.
Thank you for reading this information – please ask any questions if you are unsure about what is written here.
Researcher's contact details:

Name: Mr. Sandeep Mittal, I.P.S.,

Informed Consent Form for the collection of Data for "A Study of Privacy Attitude of Users of Social Networking Sites and their Expectations from Law in India".
Please tick the box below as an acknowledgement of the informed and explicit consent. *
Socio-demographic profile of the respondents
1. Which age group you belong to? *
2. Which gender you belong to? *
3. What is your educational qualification? *
4. You belong to which of the following group? *
Warming up
5. The Social Network Sites collect and analyze the user data for commercial purpose. *
6. The Social Network Sites are able to detect whether someone has opened the message even if the receiver does not reply to it. *
7. Indian Law prohibits the impersonation of other profile and spreading of abusive or incorrect information about a person. *
8. In India the processing of personal data that reflect racial or ethnic background, political opinions, and religious or philosophical beliefs is done without consent. *
9. It is safe to use one secure password that consists of upper and lower case letters, numbers and special characters for all my online accounts and profiles. *
10. Reading and understanding the privacy policy of a website helps me in protection of my privacy. *
Your interface with the Social Networking Sites
Disclosing Personal Information in Everyday Life
11. Do you use a social networking site (e.g., Facebook, Twitter, LinkedIn etc.)? *
12. How much cumulative time you spend daily interacting on social networking sites? *
13. Out of the following personal information pertaining to you, list 3 you consider as most important. (Multiple answers possible) *
14. What is the reason for you to disclose personal information on SNSs? *
15. How much control do you feel you have over the information you have disclosed on SNSs (e.g., ability to change, delete or correct)? *
16. What are the 3 most important risks connected with disclosure of personal information on SNSs? *
17. SNSs sufficiently inform their users about possible consequences of disclosing personal information. *
Protection of Personal Data
18. Who do you think should ensure that personal information is collected, stored and exchanged safely by SNSs? *
19. A Personal profile on SNSs contains information like name, age, gender, location, interests and photo. The profile visibility can be adjusted by managing privacy settings. I manage my profile visibility by changing the default privacy settings of the SNSs? *
20. It was easy to change the default setting of your personal profile. *
21. I trust the default privacy settings of SNSs in protecting your information. *
22. I am concerned regarding SNSs monitoring and recording my behavior (e.g., browsing habits, navigation, downloads etc.). *
Awareness and Perceived Control
23. What you do in daily life (not on SNSs) to protect your identity? *
24. What you do on SNSs (not daily life) to protect your identity? *
25. While becoming a user of a SNS, you were informed about conditions for collection of personal data and its further uses? *
26. Regarding the "Privacy Policy" on SNSs, you usually, *
27. I adapted a change in my behavior in using SNSs after reading the privacy policy. *
28. What are the reasons for you in ignoring the privacy policy? *
29. The SNSs provide free services as they collect revenue by providing your personal information to advertisers for targeted commercial advertisements. I feel comfortable with this. *
30. My specific approval or explicit consent is required for collection and processing of personal information. *
Thought Process on Right to Privacy and Data Privacy
31. Right to Privacy should be a Constitutional fundamental right in India. *
32. Right to data privacy should be part of Constitutional right to privacy. *
33. “The concept of privacy is embedded in liberty as well as honor of a person,” *
34. Right to privacy operating in physical world can not be enforced for SNSs as absence of international borders in cyber space makes it impossible to attribute an act of privacy violation to a tangible source. In the context of these characteristics of cyberspace, ‘the transnational dimension of privacy violation rises where an element or substantial effect of the act or where part of its modus operandi is in another territory’, bringing forth the issues of ‘sovereignty, jurisdiction, transnational investigations and extraterritorial evidence’; thus necessitating international cooperation. *
35. There is a thought process in India that the privacy could be configured into three zones (say, Zone 1: Marriage, Sexuality, etc; Zone 2: Credit Card, Social Networking platforms, income tax; Zone 3: Other minimal privacy matters). Such a concept of stratified privacy is practically very difficult to enforce as a right. *
36. "The first zone could be the most intimate zone of privacy concerning marriage, sexuality, relations with family and the law should frown upon any intrusion. The state could still intrude into this intimate zone in extraordinary circumstances provided it met stringent norms." *
37. "The second zone would be the private zone, which involved parting of personal data by use of credit card, social networking platforms, income tax declarations. In this sphere, sharing of personal data by an individual will be used only for the purpose for which it is shared by an individual." *
38. "The third is the public zone where privacy protection requires minimal regulation. Here, the personal data shared will not mean the right to privacy is surrendered. The individual will retain his privacy to body and mind." The formulation suggests right to privacy may not be unfettered." *
57. Many countries in Europe have recognised a "Right to be Forgotten" to their citizens. There should be a similar right for Indian citizens also. *
Regulations and Remedies
39. The personal data should not be kept in a form by which the data subject can be identified. *
40. The personal data stored may be processed solely in public interest, for scientific, historical or statistical research in accordance with law and using appropriate technical and organizational measures required in order to safeguard the rights and freedom of the data subject. *
41. The personal data should be processed only in a secure manner, including protection against unauthorized or unlawful processing and accidental loss deploying appropriate technical measures. *
42. The Service Providers should process the personal data only if the processing is necessary for the performance of a task in the public interest or in the exercise of lawful authority by a law enforcement agency. *
43. The ‘data subject’ should have the right to withdraw the consent given to Service Providers at any time from further processing of the personal data. *
44. The Service Provider must ensure that provision of a service is not dependent on the condition of affirmative consent of data subject for data collection and processing. *
45. If data subject is a child below 16 years, the collection and processing of data must be done only consequent to explicit and verified consent of person having lawful parental responsibility. *
46. Processing of sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual life, medical or health record or trade union membership, and the processing of genetic data, bio-metric data for the purpose of uniquely identifying a natural person should be allowed. *
47. A written, concise and clear communication in plain language regarding the data processing must be communicated to data subject. *
48. The data subject should have the right to obtain, from the Service Providers without undue delay, the rectification of inaccurate personal data. *
49. If the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or if the personal data have been unlawfully processed then the ‘data subject’ should have the right to erase the personal data without undue delay. *
50. The data subject should have the right of data portability from one service provider to other service provider. *
51. Automated processing of personal data should not be permitted. *
52. Law should restrict processing of personal data if processing prevents investigation, detection or prosecution of criminal offences or the execution of criminal penalties. *
53. Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organization should take place only subject to the explicit consent of ‘data subject’ and provisions of law of jurisdiction where data subject ordinarily resides. *
54. The personal data should be transferred to a third country only if the Service Providers has provided appropriate safeguards and on condition that enforceable ‘data subject’ rights and effective remedy for ‘data subject’ is easily available and accessible at place where data subject ordinarily resides. *
55. If processing of personal data results in infringement of the privacy right of data subject, he should have a remedy of compensation in time-bound manner from the service provider through an easily available mechanism of a Public Authority at his place of ordinary residence. *
56. The Personal data held by a public authority or a public body or a private body for the performance of a task carried out in the public interest may be disclosed by the authority in accordance with law of jurisdiction where the data subject ordinarily resides. *
This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Additional Terms