This paper goes into the detail of online social networking and the privacy of its users, from a legal perspective. In a digital era, the online social media platforms require certain information regarding its users in order to enable them to take full advantage of the social media experience. While there has been a spate of public outcry against rampant privacy violations on social networking sites in the recent past, the current law of privacy appears to be ill-equipped to reinvent itself in the internet age and rise to the emerging challenge of affording adequate protection to personal information online. Among the many legal questions that need answering, one of them is regarding the legal protection in India that is accorded to the privacy of the online social media users. In many instances, the users voluntarily give their information when they’re availing the services of online social networking. The question however arises as to where the line needs to be drawn between the information that is available in public and the private information that is not meant to be disclosed. This paradox that exists creates a hindrance in the legal recourses that are available to the individuals in the event of breach of their privacy. There is no specific legislation on Internet privacy and data protection. However, our constitution has provided Article 21 as a privacy lock which is insufficient to provide adequate protection to the data. The legislature has made an effort to embrace social media privacy issues and currently India’s most comprehensive legal provisions that speaks of privacy on the Internet is the Information Technology Act, 2000. Even though it cannot completely safeguard the privacy, it can dilute it to an extent. Provisions that clearly protect user privacy include Section 43, 66, 66F and 67 of the Information Technology Act, 2000 and also the rules of the Act. However, there exists no comprehensive legislation that seeks to protect the privacy rights of the users of social media. Further with the introduction of the Personal Data Protection Bill, 2019, required platforms such as Google’s YouTube, Facebook, Instagram and WhatsApp apps, and other social media apps, would be required to surveil them in order to be able to trace the origin of the content, and thereby assist the government. This is however concerning since it undermines encryption and in turn harms the fundamental right to privacy of Indian users.