File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Digital Privacy: Navigating the Cyber World with Awareness and Rights

Privacy literally means to being let alone and the right to privacy refers to the right to be alone. Privacy is something which can be stated as when as long as the people, organizations or institution has denied access to you. And the concept of privacy has a very close connection with the human dignity, freedom and independence of the individual and to safeguard and protection of such crucial thing are being more challenged in the age of rapid development of the technology and information in the society.

In cyber world data is of immense importance. And a data breach is an instance in which information is made public without authorization. By November 2021, 86.63 million Indian users will be exposed to danger, placing India third globally in terms of data breaches. This is a major worry given the harm a data breach can do to security and the economy. Leaked information can be used by criminals to carry out a number of illicit actions, such as creating fraudulent identification documents and financial contacts which will leads to infringe f the Right to Privacy of the users in the cyber world.

Needs of Right to Privacy in Cyber World:

The need for Right to privacy has become increasingly important with the growth of the digital economy in India. With more and more transactions taking place online, there is a greater risk of personal information being compromised. Cybercrime has also become a major concern, with incidents of data breaches, identity theft, and online fraud on the rise.

To address these concerns, the government has taken several measures to improve e-data protection in India. The Ministry of Electronics and Information Technology has issued guidelines for garanting the right to privacy along with the data protection and cybersecurity established the Indian Computer Emergency Response Team (CERT-In) to respond to cyber incidents. The Reserve Bank of India has also issued guidelines for the security of electronic payment transactions.

Privacy Threats in the Cyber World:

Different ways in which the Privacy of the users are in threat are:
  • Data Breaches: Disclosure or Unauthorized access to the sensitive information. For Example personal data, financial records, or login credentials, by breaching the security in databases or systems.
  • Online Tracking and Profiling: For targeted advertising, behavior analysis, and user profiling data of users are collected across websites and online platforms, often without explicit consent.
  • Phishing and Identity Theft: Deceptive techniques used in crimes to obtain the personal information of users, such as passwords or credit card details, by impersonating trustworthy entities through fraudulent emails, websites, or messages.
  • Social Engineering: Manipulate tactics to trick individuals into revealing personal information or granting unauthorized access to sensitive data, often through phone calls, emails, or impersonation.
  • Malware and Ransomware: Malicious software that infiltrates computer systems, compromising the privacy of the user by stealing data, controlling devices, or encrypting files for ransom.
  • Surveillance and Monitoring: Government surveillance programs, corporate monitoring practices, or unauthorized access to private communications, compromising individuals' privacy and anonymity.
  • Internet of Things (IoT) Vulnerabilities: Inadequate security measures in IoT devices, leading to unauthorized access, data leaks, or unauthorized monitoring of individuals' activities within their homes or workplaces.
  • Webcam and Microphone Hacking: Without the knowledge or consent of the users unauthorized access to webcams or microphones on devices, which compromises the individuals' privacy by capturing audio and video.
  • Social Media Privacy Risks: Oversharing of personal information, exposure to targeted advertising, and potential data misuse or unauthorized access by third parties on social media platforms.
  • Geolocation Tracking: Collection and sharing of individuals' location data, often through mobile devices or GPS-enabled applications, posing risks to personal privacy and security.
  • Inadequate Privacy Policies and Terms of Service: Unclear or misleading privacy policies and terms of service that may grant organizations broad rights to collect, use, and share personal data without users' full understanding or consent.
  • Data Mining and Big Data Analytics: Large-scale collection, aggregation, and analysis of data from various sources, raising concerns about the potential for discriminatory profiling, privacy infringement, or unintended data use.
  • Cloud Data Security: Risks associated with storing sensitive data in cloud services, including unauthorized access, data breaches, or improper handling of personal information by cloud service providers.
  • Internet Service Provider (ISP) Monitoring: Monitoring and logging of individuals' online activities by ISPs, potentially compromising privacy, and raising concerns about data retention policies.
  • Mobile App Privacy Issues: Invasive permissions, data collection practices, and lack of transparency in mobile applications, leading to potential privacy violations, data misuse, or unauthorized access to personal information.

It is important for individuals and organizations to stay informed about these privacy threats and adopt proactive measures to protect their digital privacy.

Laws for Privacy in Cyber World:

There as such no specific legislation governing privacy in India. The technology of collection and processing of information which includes personal information and such subject matters coming under the authority and jurisdiction of Information Technology Act,2000. The Supreme Court of India on Landmark Judgment of Justice K.S. Puttaswamy v. U.O.I, it was held that Right to Privacy is considered to be as an integral part of Right to life and personal liberty under Article-21 of the Constitution of India. Data privacy and any breach or any kind of corruption shall be governed by the Information Technology Act,2000 and its consequence Rule i.e., Information Technology ( Reasonable Security Practices and Procedure and Sensitive Personal Data or Information) Rules,2011 ( "SPDI Rules") and also Personal Data Protection Bill,2019 which is yet to be notified by the Govt. of India.

Under the this Act, terms like violation of confidentiality and privacy are defined:

  1. Section 66-E: A violation of privacy is defined as neglecting a person's privacy by capturing, publishing, or broadcasting a photograph of his or her private parts without his or her consent. Upto three years in prison or a fine of up to two lakh rupees, or both, is the penalty.
  2. Section 72: The person anyone who gains access to any electronic record, book, register, information, document, or other materials without the consent of the person concerned and reveals such materials to any other person without the consent of the person concerned faces up to two years in jail or a fine of up to one lakh rupees, or both.
  3. Section 72A: According to Section 72A, anybody, including an intermediary, who discloses information in breach of a lawful contract, except as otherwise permitted in this Act or any other laws now in force, violates privacy.

Penalties And Liabilities In Case Of Breach Of Data Privacy

India lacks a specific and comprehensive personal data protection law to protect materials containing personal information and data that are transmitted, stored, and shared. The PersonalData Protection Bill, 2019, is currently being debated and has not yet become law. For the timebeing, the fines and responsibilities under the Information Technology Act are as follows:

Section 43A of the IT Act

In accordance with Section 43A of the IT Ac, Anyone corporate in possession of, dealing with, orhandling any sensitive personal data or information in a computer resource owned, controlled, or operated by such body corporate is liable for damages if such body corporate fails to maintain reasonable security measures, causing wrongful loss or gain to any person..In the event of a security breach, Section 43A's definition of "sensitive personal information" allows for judicial action.

Other than that, Indian law does not provide any protection for sensitive personal data. A person may be entitled to compensation under Section 43A of the Act if the business failed to protect their personal data while they were being processed by the business, whether as a result of negligently installing or maintaining appropriate security measures. The only reason compensation is fair is that they are each "affected" differently. Furthermore, it declares that unlawful data accessis a civil infraction.

Section 43A of the IT Act will not be applied to the employee/individual since he/she does not come within the ambit of a body corporate. Section 43A mainly deals with the failure of a bodycorporate to protect data.

Section 72A of the IT Act

Section 72A of the IT Act states that any person, including an intermediary, who discloses information in violation of a legitimate contract, except as expressly authorised in this Act or anyother legislation now in force, violates privacy. It is illegal for anyone who has gained access to material containing personal information about another person to reveal that information without their consent or in violation of a lawful contract. The penalty is up to three years in jail or a fine ofup to 5L rupees, or both.

Individuals/companies would be subject to Section 72A of the IT Act. Because all of the conditionsare met, it will also apply to an employee. An employee has a legal contract with the employer, which is an employment contract. Employees have access to sensitive personal data or material containing personal information when performing services for the employer's clients within the terms of their employment contract.

Section 45 of the IT Act

Section 45 of the IT Act is a residuary clause that provides that anyone who violates any rules issued under the IT Act for which no penalty is given separately will be made to pay compensationor a penalty of up to 25k rupees. Section 45 relates to an individual, a business, an employer, and an employee.

Section 43 of the IT Act:

Anyone who enters a computer without permission, produces an unauthorised digital copy, downloads or extracts data, violates someone's privacy, and so on is subject to civil liability forcomputer database theft, according to the Information Technology (Amendment) Act of 2008..

Case Law:
K.S. Puttaswamy Vs. Union Of India
Citation: (2017) 10 SCC 1
Court: Supreme Court Of India


The lawsuit was started after Justice K.S. Puttaswamy, a former Karnataka High Court judge, filed a petition in regard to the Aadhaar Project, which was handled by the Unique Identification Authority of India (UIDAI). The Aadhaar number was a 12-digit identifying number given to Indian citizens by the UIDAI.

  • Whether the right to privacy was a basic right under India's Constitution's Part III.
Privacy was declared a unique and independent basic right under Article 21 of the Constitution by the Supreme Court in six different rulings. The heart of the ruling outlined a wide view of the right to privacy: it was not limiting protection against physical invasion, nor a derived right under Article 21, but one that included the body and intellect, encompassing decisions, choices, knowledge, and freedom. Part III of the Constitution was found to provide an overarching, enforceable, and multidimensional right to privacy. The extent of the right was debated in detail in the various opinions.

Internet And Mobile Association Of India v/s Reserve Bank Of India
Citation: Manu/Sc/0264/2020
Court: Supreme Court Of India

Reserve bank of India issued a circular on development and regulation policies in which RBI raised concern on customer protection in regards to virtual currency also known as cryptocurrency. The circular issued by RBI directed the entities not to deal with virtual currency and prohibited them from providing services to individuals or other entities in the matter of dealing or settling cryptocurrency. Such services included maintaining accounts, registering, trading, giving loans, settling, and transfer of amounts in accounts relating to the sale or purchase of virtual currency.

Moreover, RBI also directed the entities to end their already existing relationship with any such individual or entities that dealt with virtual currency within three months. RBI stated that the purpose of the prohibition of trade of virtual currency was to strengthen the financial market, improve currency management, promotes financial inclusion and literacy, and facilitate data management. In turn, these measures would prevent money laundering, data hacking, and terrorist activities. Though during a press release in 2018 RBI raised the same issue no such threats or risks were highlighted in the same.

A writ petition was filed by the internet and mobile association of India challenging the proportionality of the circular issued by RBI. The petitioner argued that RBI do not have the legislative power to prohibit the trading of virtual currency beside it also violates the fundamental right of the Indian constitution.

  1. The petitioner contended that the Reserve Bank of India does lack the jurisdictions to disallow the trade of virtual currency (cryptocurrency) moreover the ban imposed by RBI is based on the misunderstanding of RBI.
  2. The Petitioner also contended that the Virtual currency or the cryptocurrencies are not a kind of currency note or coin but a medium of exchange or a store of value.

The supreme court upheld that the circular issued by Reserve Bank of India is unenforceable and unlawful on the ground of proportionality.

The court also ordered RBI to direct the central bank of India not to freeze the accounts and to repay the prize with the interest to the petitioner.

With the skyrocketing development in the field of technology, interference of it in the life of human beings has been increasing .For which Users should be aware about their rights in these challenging world of advancing technology.

And also the users should be aware about the cybercrimes.

Each individual accessing the cyber world ought to be better informed about the advantages and disadvantages of using the same

With the increase in the digital population of a country like India, data protection and data privacy are an important issues at the moment. Every internet user intentionally or unintentionally leaves her/ his digital footprint in the form of personal data when browsing the internet. In such a scenario it becomes utmost important to have exclusive legislation like GDPR to regulate data protection and data privacy.It is also important for the business to create such a privacy policy, which fulfils the requirement of a business as well as protects the rights or interests of a user/ client .

However, the absence of a specific and comprehensive personal data protection law puts the onus on individuals and organizations to take responsibility for their digital privacy. It is imperative for individuals and organizations to stay informed about privacy threats and be vigilant in adopting proactive measures to protect their digital privacy. The case laws and penalties and liabilities under the Information Technology Act provide some legal remedies to safeguard data privacy, but the enactment of the Personal Data Protection Bill, 2019, is critical to ensure comprehensive legal protection for digital privacy.

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers

Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


How To File For Mutual Divorce In Delhi


How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Increased Age For Girls Marriage


It is hoped that the Prohibition of Child Marriage (Amendment) Bill, 2021, which intends to inc...

Facade of Social Media


One may very easily get absorbed in the lives of others as one scrolls through a Facebook news ...

Section 482 CrPc - Quashing Of FIR: Guid...


The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of t...

The Uniform Civil Code (UCC) in India: A...


The Uniform Civil Code (UCC) is a concept that proposes the unification of personal laws across...

Role Of Artificial Intelligence In Legal...


Artificial intelligence (AI) is revolutionizing various sectors of the economy, and the legal i...

Lawyers Registration
Lawyers Membership - Get Clients Online

File caveat In Supreme Court Instantly