In Today's fast-paced life, technology has
spearheaded the central function of human behavior and modus operandi in every
sphere of work. There is nothing remained untouched with the technology, and
hence computer and information and technology have replaced the traditional mode
of doing things from manual intelligence to that of artificial intelligence.
all this no doubt has given the ease of life to the human beings, but at the
same time, also brought some challenges pertaining to safety issues and
precaution of the personal data and information of the people, which is
provided, assimilated, and collected while transacting online, through the use
of the internet service. In India till date no special act has been enacted yet,
to deal with all kinds of data safety and information security issues.
Information Technology Act 2000 along with the Indian Penal Code, The
Constitution of India is some of the statues laws, which to some extent,
protects the privacy of an individual from being invaded by others and lays down
punishment. But that is not sufficient to deal with all kinds of
technology-based violations of privacy rights.
The need of the hour is to bring
forward a special law to deal with the privacy-related issue, at par with the
international standards and as like most of the other developed nations have
already enacted. The 'Personal Data Protection Bill '(PDP) Bill 2019, which the
Indian parliament has recently drafted and introduced in the parliament, is yet
to become the law. taking the said bill, into consideration it can said that, if
it's being enacted and enforced, then it will certainly provide great relief in
terms of giving protection to all the internet users regarding their data safety
and security of the information that the internet-based intermediaries do come
through and retain the users.
In Today's Techno-savvy world, digitalization has replaced the practice of
storing and submitting documents in physical form, rather all are now stored in
a computer device by the use of electronic form. This practice has many
advantages as it is easy to access, retrieved quickly, and hence is very
speedier to communicate. Therefore the peoples are feeling very reluctant to use
this electronic form of data storing and exchanging, as it helps them to carry
out their business very smoothly and without any hassle.
E-commerce as well as
the entire social media platform is the primary and advanced technology-based
entities, where we use and communicate and share our personal data for buying
and selling products or hiring any services or for socializing with our personal
connections, using the internet. Hence as such, all the data that we share are
vulnerable towards misuse and invading the 'privacy'
of the individuals.
Right to Privacy is a part of the human right, as it has been specifically
declared as such, in the United Nations Declaration of Human Rights and many
national and other international treaties. Most of the developed nations even
added the right to privacy as a fundamental right of their citizens. Privacy is
best understood as a cluster covering interest in:
- Control over information about oneself.
- Control of access of information both physical and mental.
- control over one's ability to make an important decision about family
and lifestyle in order to be self-expressive and do develop varied
The term Privacy
literally has many definition or analysis or meaning.
Although the more precise concept was propounded by Samuel Warren & Louis
Brandeis (1890) in their writing Right to privacy
. They defined it as 'a right
to be let alone' and which is protected by law. The above concept was later on
laid as the foundation to control information about oneself. The Calicut
Committee (1990) recognized individual right to be protected from any intrusion
considering the personal, family life either physical means or from any
publication or sharing of information.
William Prosser in 1960, wrote four
different 'rather definite' privacy rights as follows:
- Right from interference by others, in one person's private affairs.
- Prohibition to disclose embarrassing facts about an individual.
- Sharing false information about someone in public.
- Taking an advantage by appropriate information about another, and by
There are three international treaties that are widely recognized as the basis
for the protection of Privacy
. Those are Article -12 of the Universal
Declaration of Human Rights, 1948, Article -17 of the International Covenant on
Civil and Political Rights (ICCPR). Article-8 of the European Convention for the
Protection of Human Rights and Fundamental Freedoms, (ECHR). The Organization
for Economic Development & Cooperation (OECD),
Guidelines for the (Protection of privacy and Trans Border of Data) also has
equal relevance as it protects the right to privacy among its members. The
Preamble of the Australian Privacy Charter also provides tha:
People have the Right to Privacy of their own body, Private Space, Privacy of
Communication, Information Privacy Rights Concerning Information about a Person
and Freedom Surveillance.
The holy book of Muslim followers also contains a 'verse'-(24:27)
–'O Believers Enter not houses other than your own houses, until you have
obtained the permission of the inmates of houses and have the greeted term with
peace. This is better for you, it is expected that you will observe this.
Thus, due to the advancement of information and technology and heavy involvement
in doing an online transaction and by the use of internet and mobile phones, it
has made people's lives easy. Now they can buy, sale, play games, communicate
and share information through emails, book tickets online and reserve hotel
rooms and even make banking transaction including the opening of an account and
operating the bank account through the internet banking facilities.
All this is
possible, just by a click of a computer mouse or by the tap of a phone, but
major drawbacks are this online transaction that we do, were very susceptible
for miss utilization of information which is stored, processed, and remitted
online and causing more harm to the individuals by invading their privacy.
In this research paper, the researcher aim and objective is to analyze the
privacy of an individual using the internet or online services and the laws
protecting the privacy in the cyber world in India and, what are the issues
faced by the peoples. This the research paper also focuses on studying, how a
special law is needed in India to protect the privacy of the peoples who are
using internet services for doing online transactions.
The research methodology as adopted by the researcher is specifically
qualitative, descriptive, and analytical in nature. The various sources from
which the researcher has collected information are mostly from documents and
files, articles available online data maintained in various e-repositories,
books, legislative enactments, Acts. All the above information and data has been
properly and systematically analyzed and on the basis of which research
hypothesis has been formulated and answered by the researcher by following the
rules of research methodology. And due consideration and credit have been given
to all the references obtained in coming to a final conclusion on the research
Review Of Literature:
The researcher in order to formulate the research the hypothesis has reviewed
the following literature and statues as stated below:
- Indian Penal Code
- Indian Evidence Act
- Information technology Act of 2000.
- Consumer Protection Act of 2019.
- Indian Contract Act
- The Personal Data Protection Bill, 2019.
Invasion Of Privacy In Cyber World:
Due to the excessive dependence on the computer, as a tool for information
sharing and retention of data and the use of the internet as a medium for data
transfer, various invaders who indulge in the act of stealing the information,
as shared through online by the user, either by use of malicious spyware, or by
various computer bugs, or the data as collected from the website which is stored
in the cookies folder of the computer.
Also the information that the user shares
in the social networking profile i.e. Linkedin, Twitter, Facebook, Instagram,
etc. are very prone to be accessed by any intruder and are easily manipulated
and misused causing privacy intrusion issues to the concerned social media
user. Threats also like email attachment containing malware that discloses
personal information of the recipient of the mail to the sender or any intruder.
Children, who use the internet, are also easy prey of the intruders because all
the information fed by a child can be easily tracked by cybercriminals.
Wikipedia says that there are around 400 million users of the social media
websites and almost all of the users, use the application for the purpose of
chatting, uploading, photographs, and feeding vital personal information in
their databases. Cybercrimes which is committed by the use of the internet,
whereby computer is used as a tool or target
and is the most advanced form of
Now a day's companies are hiring third parties to collect
information about the peoples who are using the internet and social sites, to
pile up their data records, about such peoples and their vital information, so
that they can use the same for advertisement purpose or for selling it to some
other companies. The protection of privacy and data of the peoples using the
internet is the major issue nowadays, many countries have passed many laws to
protect the privacy of their people.
In the U.S, in order to protect the
interest of the children and their privacy who use the internet, the Federal
Trade Commission has enacted The children Internet Protection Act 2000.
Lack Of Special Law On Privacy In India
Since a long period of time, India do
not have a special law dealing with cyber crimes and cyber privacy issues,
jurisdiction issues, and intellectual property rights issues, and a number of
other issues. Perhaps it was the only n the year 2000; The India Legislature
enacted the Information Technology Act, 2000
to deal with cyber crimes and cybercriminals. IT Act lays down penalty and punishment provisions for violation
of certain laws which amounts as an offense.
The act was later on amended again
in the year 2008 and knows as the Information Technology Amendment Act 2008. The
Act contains a number of provisions which protects the privacy of a person from
online intrusion and exploitation. It provides both fine and punishment by
imprisonment in case of hacking (Section 43, 66), three years imprisonment for
violation of privacy(section 66E), identity theft(Section-66 C) and cheating by
personation (Section 66 D), offensive email (Section 66A).
Section 72A of the IT
Act penalizes the unauthorized disclosure of personal information by any person
who has obtained such information under a lawful contract and without consent of
the person from whom such information belonged or taken. Apart from this the IT
Act also provides provision for data safety.
Section 43A of the Information
Technology Amendment Act 2008, lays down that all corporate bodies and
intermediaries who possess, handle or collect any sensitive personal data shall
maintain reasonable security practices and in case of failure they shall be
liable to the person who is aggrieved by such misuse of data.
- The government has notified the Information Technology (Reasonable
Security Practices and Procedures and Sensitive Personal Data or
Information) Rules, 2011. The Rules only deals with protection of Sensitive
personal data or information of a person, which includes such personal
information which consists of information relating to:
- Financial information such as bank account or credit card or debit card
or other payment instrument details;
- Physical, physiological and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information.
The rules provide reasonable security practices and procedures, which the body
corporate or any person who on behalf of the body corporate collects, receive,
possess, store, deals or handle information is required to follow while dealing
with Personal sensitive data or information. In case of any breach, the body
corporate or any other person acting on behalf of the body corporate, the body
corporate may be held liable to pay damages to the person so affected.
- Parliamentary Report on Cyber Security & Right to Privacy:
The Parliamentary Standing
Committee on Information Technology in its 52nd Report on Cyber Security and
Right to Privacy said that a significant increase in cyberspace activities and
access to internet use in India coupled with lack of user end discipline,
inadequate protection of computer systems, and the possibility of anonymous use
of ICT allowing users to impersonate and cover their trends of crime has
emboldened more number of users experimenting with ICT abuse for criminal
activities. The Committee is of the opinion that this aspect has a significant
impact in blunting the deterrence effect created by the legal framework in the
form of the Information Technology Act, 2000, and allied laws.
The Committee has listed several offenses which fall under the purview of
cyber-crimes and the remedies available within the existing legal framework.
Cyberstalking or stealthily following a person and tracking his internet chats
is punishable under Sec 43 and 66 of the IT Act, 2000 while video voyeurism and
violation of privacy is a crime under Section 66E of the IT Act with a
punishment of three years with fine. The Department of 82 Electronics and
Information Technology (DeiTY) during the course of evidence submitted to the
Committee that with regard to the data pertaining to privacy related cases
booked under Sec 72(A) of the IT Act the number of cases registered have risen
from 15 in 2010 to 46 in 2012 while the number of persons arrested were 22 in
The Committee members were of the opinion that considering the nature of
cyberspace which is borderless, balancing cybersecurity, cyber-crime and the
right to privacy is an extremely complex task. The members were also unhappy of
the fact the government is yet to institute a legal framework on privacy. It
urged upon the Department of Electronics and Information Technology (DeiTY) in
coordination with the Department of Personnel and Training and
multi-disciplinary professionals/experts to come out with a comprehensive and
people-friendly policy for the protection of the privacy of its citizens.
Personal Data Protection Bill 2019
The Government of India, therefore, constituted a committee to propose a draft
statue on data protection. The committee proposed draft law and the govt. of
India has issued the Personal Data protection Bill 2019
(PDP) Bill based on
the draft proposed by the committee. This will be India first law on the
protection of data and it will repeal section-43A of the IT Act.
The PDP Bill, proposes a broader reach. It will not
only apply to persons in India but also to persons outside India in relation to
business carried out in India. The PDP Bill, proposes to apply both on manual
and electronic records. The PDP bill proposes creating a Data Protection
Authority in India
. The Authority will be responsible for protecting the
interest of data principals, preventing misuse of personal data and ensuring
compliance within the new law.
The PDP Bill proposes to protect Personal Data relating to the identity,
characteristics trait, attribute of a natural person and Sensitive Personal
Data such as financial data, health data, official identifier, sex life, sexual
orientation, biometric data, genetic data, transgender status, intersex status,
caste or tribe, religious or political beliefs. Pursuant to the PDPB being
enacted into an Act, there are several compliances to be followed by
organizations processing personal data in order to ensure the protection of
privacy of individuals relating to their Personal Data. Consent of the
individual would be required for the processing of personal data.
Based on the
type of personal data being processed, organizations will have to review and
update data protection policies, codes to ensure these are consistent with the
revised principles such as update their internal breach notification procedures,
implement appropriate technical and organizational measures to prevent misuse of
data, Data Protection Officer to be appointed by the Significant Data Fiduciary,
and instituting grievance redressal mechanisms to address complaints by
In a Landmark Judgement delivered on August
23rd 2017, Justice K.S Puttaswamy (Retd.) Versus Union of India
WP (C) 494/2012 ), the Hon'ble Supreme Court through its 9 Judge Bench held
that the fundamental right to privacy is guaranteed under the Constitution of
The Court stated that every person should have the right to control the
commercial use of his or her identity and that the right of an individual to
exclusively use and commercially exploit their identity and personal
information, to control the information that is available about them on the
internet and to disseminate certain personal information for limited purposes
only which emanate from this right. This is for the first time Supreme Court has
expressly recognized the right of an individual over his personal data.
Though the idea pertaining to the protection of data is very old but due to the
immerging trend of technological dependence and use of personal data is
manifold, hence this new trend needs a new law to deal within tracking and
controlling the techno-savvy peoples and organizations by providing guidelines
to prevent misuse of personal data.
Peoples using online medium for sharing data or transferring information while
doing e-commerce transaction or any other communication purpose treasure their
privacy and link it to personal freedom and so have a right to control data
about them. It is further required that every e-organization privacy practices
should be bench marked against national and international standards for privacy
and fair information practices to meet the emerging challenges.
Although customer's easily share their personal data while doing online
transactions or by interchanging communications but still it is the state's
responsibility to look and protect the interest of its citizens. As because due
to lack of specific statutory law dealing with the protection of data in India,
the courts measurably fails to protect the information as shared to the
companies by punishing them for violation of trust.
Hence, it is highly required and need of the hour, that the Protection of
Personal Data Bill 2019 which is pending in the parliament for approval and
ascent of the president be immediately passed and approved so as to protect the
personal data of the citizens from being misused.
- (Olmstead Vs. United States (1928), available at http;//archieve.aclu.org/issues/privacy/hmprivacy.html
- The Australian Privacy Charter (1994), available at; http;//www.anu.edu.au/people/Roger.Clarke/DV/Privacy
- Surah-An-Nur(24:27-37) Al-Quran-al -Kareem at; https://quran.com/24/27-37?translations=20
- Report on Cyber Security & Right to Privacy submitted by the
Parliamentary Standing Committee on Information Technology Act presented on
Feb 12th 2014, under the chairmanship of Rao Inderjit Singh to the fifteenth
of the Lok Sabha.