PRIVACY LAWS IN DIGITAL AGE

Abstract

We are living in a digital age where we are surrounded by digital data. The majority of the worldwide population is living online and using the Internet. The Internet is a good resource, but there is also a threat on this platform in terms of data privacy.

But what change can a breach of data privacy create? This question may be answered in the light of the judgment of the Supreme Court of India, also known as the Aadhaar Judgment[1], which made it clear that the Right to Privacy is a part of fundamental rights. In the light of this judgment it can be said that a breach of data is an infringement of the right to privacy and will be considered an infringement of a Fundamental Right.

After this judgment legislations were enacted so that digital data could be made safe and violation of these rights could be stopped. These legislations include the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, etc. These legislations give individuals the Right to Privacy for their digital data as well as impose duties on the data fiduciaries who process this data.

Besides these legislations individuals have to maintain their data security as it is their duty also. Not everything can be left for the legislature. Protection of one’s own data is his/her own duty as well. Although legislatures are providing security to one’s Right to Privacy for digital data, one should do his duty as well.

Key Words

Privacy, Right to Privacy, Digital Data, Data Fiduciaries, Breach of Data, Digital Data Protection Laws

Introduction

Data is everywhere around us. Whatever we do creates data. Data is nothing but the information of a person connected to the internet. Calling someone, sending messages, sending mails, browsing through search engines, online shopping, booking travel or movie tickets online, or anything else done by using the internet creates data, because when we do these things the information is collected and stored either with internet service providers or with search engines. They store it for the sake of providing better services in future.

But can we say that this collection and storage of data by internet service providers or search engines is a breach of privacy? Does this data even come under the scope of privacy?

Not everything is included in privacy. What is private for one person may not be private for another. That’s why we have to consider what is regarded as privacy in general acceptance and what is regarded as privacy in law.

Law has given meaning to Privacy and also gives remedies in case of its breach.

It is also the duty of individuals that they should protect their data which is available digitally.

Research Methodology

This paper gives an understanding about what privacy laws are and how personal data can be made safe in this digital age. This paper is based upon a secondary source of data which is collected from newspapers, journals and websites.

Review of Literature

  • Introduction
  • What is Privacy?
  • Meaning of Privacy
  • How the Privacy is connected with Fundamental Rights
  • How is this digital age a boon and threat, both, for privacy?
  • How people are connected in this digital age
  • Statistics Related to Social media profile
  • How this digital age can compromise with privacy
  • What are the laws relating to the protection of Privacy?
  • Information Technology Act, 2000
  • Digital Personal Data Protection Act, 2023
  • Suggestions
  • Conclusion

What is Privacy?

Privacy is derived from the Latin word “privatus” which means something which is personal and not public.

Privacy is a matter of being alone, being with oneself without the interference of anyone. A person may say that “I just don’t care about my privacy as I don’t have anything to hide” but the reality is every person has something which can be termed as private. Privacy is all about speech and expression. It is about what a person wants to declare or not.

Privacy is also a matter of right. The “Right to Privacy” is not expressly written anywhere in Indian law, but the Supreme Court of India in the Aadhaar Judgment[2] held that the Right to Privacy is also a fundamental right. Also in the case of Kharak Singh v. State of Uttar Pradesh[3], the Apex Court said that the Right to Privacy is a fundamental right and is protected by Article 21 and Article 19(1)(d) of The Constitution of India.

Our concern with privacy here is data, the data of a person. It can be his or her Date of Birth or Place of Birth, Mobile Number, Email Address, House Address or anything which is related to him or her and gives any information about him or her.

But not all data is private. Private data is something which is not made available to the public, like Bank Account Details, OTPs, Passwords etc. Private data may include anything relating to a person which he or she does not want to make public. Whether data is private or not is a matter of choice. For example, a mobile number could be private data for someone and not for others.

Data safety and security are important in this world of technology and digitalization.

But the thing is no data should be leaked or taken without the permission of the person who has the authority over the data, i.e., the owner of the data to whom it belongs.

Data Privacy has been affected by the digital age. By the term “Digital Age” we mean the age of advanced technologies, the age of Artificial Intelligence.

To understand how the Digital Age has affected Data Privacy, we have to understand the pros and cons of the Digital Age.

How is this digital age a boon and threat, both, for privacy?

The Digital Age has affected human life in many ways. Among the pros of this age, it has brought the worldwide population closer to each other. As of October 2023, there were 5.3 billion internet users worldwide, which amounted to 65.7 percent of the global population. Of this total, 4.95 billion, or 61.4 percent of the world’s population, were social media users.[4]

Besides, it is also a benefit of technology that it gives space to store and protect data in digital format which might be difficult to do in physical form. By way of cloud storage, persons save their photographs and memories so that they can access them whenever they want to. An estimated 2.3 billion people use personal clouds such as Dropbox, Google Drive, and iCloud.[5]

But the question is, is this safe? Does the Digital Era give protection to one’s privacy? Who can access the information saved to devices or clouds? Let us try to figure out the answers to these questions.

As we know, there are pros and cons of everything. What we have discussed till now are the pros of the Digital Age, but everything has some cons also.

Suppose you are using social media and you upload your photographs to your social media account. Some time later you discover that there is another account which is not yours but looks as if it is yours. Now think about it: how did this account come into existence? Who created it? The answer to this question is simply that someone else created an account by using your identity and photos.

Meta is the biggest social media company, providing various platforms like Facebook, WhatsApp, Instagram etc. During the third quarter of 2023, Meta stated that 3.96 billion people were using at least one of the company’s core products (Facebook, WhatsApp, Instagram, or Messenger) each month. This was a slight increase of monthly active users (MAU) when compared to the previous quarter. Daily active users (DAU) of Meta’s core products also saw year-over-year increases.[6] Having this number of users makes it possible to have a great number of fake profiles also. Fake profiles are created on social media platforms to deceive someone or to defame someone. In 2020 a case was registered against a person who created a fake account of a woman and posted some obscene pictures of her.[7] Even the identification of Civil Servants has been forged by scammers on social media platforms.

Besides, hacking is a big issue for privacy. Hacking is a security breach carried out to gain access to a device or network in order to collect information and data from it. Any person who does this act is termed a hacker. There have been many incidents in which Government websites and servers were hacked and data was breached. In February, 2023 the IT Minister Ashwini Vaishnaw said that around 50 government websites have been hacked and there were eight data breaches in 2022-23[8]. This is a concern because, if Government websites have been hacked several times, how can an ordinary person feel safe from hacking? This shows that the technology of this Digital Age is not only useful but also a threat to the individuals using it, as their privacy and data are at stake. Hacking someone’s device or network and getting access to his or her private information without any authorization is an infringement of his or her Right to Privacy, which is an infringement of a fundamental right, as the Right to Privacy is protected by Article 21 of The Constitution of India, as seen in the K.S. Puttaswamy case[9]. Hacking or forging of identity is not limited to individuals; it can happen to businesses also. Businesses running their operations on a digital basis have digital signatures, which can be used without any authorization. If a digital signature is used in an unauthorized way it can impact the privacy of the holder of that digital signature.

What are the laws relating to the protection of privacy?

For data privacy, the IT laws, rules and regulations enacted and enforced by governments are very important, as governments are the ultimate authority designated to protect the fundamental rights of individuals.

The Indian Government has enforced the following cyber laws to govern the digital system in India[10]:

  1. The Information Technology Act, 2000
  2. Digital Personal Data Protection Act, 2023
  3. Notification and Rules as published by government in its official gazette from time to time

But what is the need for these laws? These laws are required for the following reasons.

  1. Data protection laws control the gathering, use, transfer, and disclosure of personal information and the security of that information.
  2. They give people access to their data, establish accountability standards for businesses that process it, and include redressal for improper or harmful processing.
  3. Data protection laws also provide remedies for false profiles and fraud that can also be made using stolen information.
  4. When information falls into the wrong hands, it can jeopardize people’s safety in various ways, including their economic security, physical safety, and personal integrity, so to protect the users from that exploitation, data protection laws are significant.

Let us now discuss how these laws are related to privacy concerns.

The Information Technology Act, 2000:

It is an act divided into 13 Chapters, 90 Sections and 2 Schedules, which was enacted to deal with e-commerce and has provisions related to digital and electronic signatures.

This act does not expressly mention the term “privacy” but its provisions, which are related to protection of personal information and data security, are linked to privacy concerns. Under this act we can see some key connections with privacy.

  1. Data Protection:

This act includes provisions relating to the protection of personal data. They provide a framework for organizing and handling sensitive data and information so that such data can be protected and security practices can be implemented. This supports the privacy of individuals by imposing obligations on entities who collect and process personal data.

  2. Unauthorized Access and breaches:

This act deals with unauthorized access, hacking and data breaches, which can compromise personal data and information. By dealing with unauthorized access, damage to computer systems and data theft under Sections 43 to 46, the Information Technology Act aims to protect individual privacy by discouraging and penalizing unauthorized access to personal information.

  3. Cyber Crimes and Privacy Violations:

The IT Act 2000 recognizes several cybercrimes that can impact privacy, such as identity theft, phishing, and online fraud. Sections 66C to 66F of the Act specifically address offenses related to identity theft and impersonation, which can lead to privacy violations. The Act provides legal remedies and penalties for such cybercrimes, aiming to protect individuals’ privacy rights.

  4. Intermediary Liability:

The IT Act 2000 includes provisions related to the liability of intermediaries, such as internet service providers (ISPs) and social media platforms, for third-party content. Section 79 of the Act provides a safe harbor provision for intermediaries, protecting them from liability for user-generated content, as long as they comply with certain due diligence requirements. This provision indirectly supports privacy by allowing individuals to freely express themselves online without intermediaries being held responsible for their actions.

Even with these provisions in place, attackers, scammers and fraudsters are able to continue their scams and frauds. According to a report, a total of 389, 812 and 742 cases for violation of privacy under Section 66E of the Information Technology Act, 2000 were registered during the years 2018, 2019 and 2020[11].

Digital Personal Data Protection Act, 2023:

It provides for the protection of personal data available digitally and establishes standards for how businesses should process data digitally.

It is enacted in such a manner that it protects the personal data of individuals as their right and also recognizes the need to process such personal data for lawful purposes. This act is based upon the judgment of K.S. Puttaswamy v. UOI[12].

On 22 December, 2018 the Supreme Court of India constituted a committee under the chairmanship of Justice B.N. Krishna, who drafted the Personal Data Protection Bill, 2018.

This bill went through many approvals, rounds of feedback and also a withdrawal, after which the final draft legislation was released by the Ministry of Electronics and Information Technology for public consultation in 2022. It was introduced in the Lok Sabha on 3 August, 2023 and passed by it on 7 August, 2023. After that it was introduced in the Rajya Sabha and passed by it on 9 August, 2023, and it finally received the assent of the President of India on 11 August, 2023.

This act is for the purpose of digital data protection, that is, protection of data by which a person may be identified digitally.

This act gives rights to a person whose data is being processed. These rights can be understood as:

  1. He/She will have the right to access the information about the data processing.
  2. If he/she wants to, he/she can seek for erasure of the data.
  3. He/She will have the right to appoint a nominee to exercise the same rights that he/she had, in case of his/her death.
  4. In case of data breach a person can approach the Data Protection Board of India, even in case of breach of non-sensitive data. In case of data breach the act imposes an obligation on data fiduciaries to make a complaint to the Data Protection Board of India.

All these laws are provided by Indian legislatures to protect the privacy of the person who is using the internet or digital services. These laws ensure that no data is used without consent and no sensitive data is misused. They provide safety and security for the individual’s data and ensure their Right to Privacy.

But keeping our data secure is also our own duty, so that we can ensure no one can use our data for any malicious purpose.

Suggestions

Although legislatures are doing their work to secure our digital data and privacy, we should still ensure that none of our data gets into the hands of a person whose intent is criminal. For this purpose, here are some suggestions for how we can keep our digital data safe:

  1. Choose Trustworthy Tools

Using trustworthy tools is very important so that security and privacy are not compromised. Having a good tool which gives security reduces the probability of data breach. By trustworthy tools we mean tools that have a good license certificate and a good reputation among users. The track record of the vendor is also important. The history of their business and their expertise in the business must be checked. A tool is considered to be good if it gives regular updates, fixes bugs and enhances the features of the tool.

  2. Usage of VPNs

VPNs create a secure and encrypted connection between a user device and a private network. This is done by data encryption. By encryption, VPNs make it difficult for attackers to intercept and manipulate data transmitted between the user and the destination server. VPNs also give security over public networks, like public Wi-Fi. These networks are often unsecured and can lead to data breach. By using a VPN on these networks, the data is protected from potential attackers.

  3. Limitation on the Use of the Internet

Limiting the use of the internet can reduce exposure to potential cyber threats. Restricting unnecessary browsing and social media scrolling will reduce the attack surface. However, limiting the use of the internet might not be possible for businesses that operate through the internet. For them it is necessary to have a balanced approach. It may include having good cyber security measures, firewalls, antivirus software and appropriate internet usage policies.

  4. Keeping Software Updated

Keeping software updated fixes bugs, which reduces the risk of being attacked. So it is important that software is kept updated so that bugs are fixed and the scope of potential attack is reduced.

  5. Reducing the Use of Third Party Applications

Third Party Applications can pose a threat to cybersecurity because they can lead to data leakage and privacy concerns.

It has been reported several times[13] that instant loan application scams are happening. These applications lend money and ask for access to almost everything on the device, like photos, contacts and other things, which is then used to threaten the person to whom they have lent the loan. The common way is that they either send messages to all contacts defaming the person or make a deepfake image of the person and threaten him/her with the image.

To reduce these kinds of attacks and threats it is important that third party applications are not used.

  6. 2-Step Authentication

2-Step Authentication helps in identifying the user. It ensures that the person who is trying to enter into the server is the real owner and no one else. So it is important that this authentication is enabled so that the scope of potential attack is reduced.

Conclusion

Earlier the Right to Privacy was not considered a fundamental right, but after the judgment of K.S. Puttaswamy v. Union of India[14], it is now considered a fundamental right which is protected by Article 21. This decision was the demand of the time, as India is heading towards the age of digitalization and in this age laws related to data protection were also required.

As per the statistics, many people are using social media and many of them are having fake profiles. Nobody knows what their intention is behind using the fake profile. Whether they want to deceive someone or want to defame someone or whatever it is. They are doing nothing but making someone feel unsafe on the internet. Besides this, there are online operating businesses who make their operations through the internet. In all these cases, laws relating to digital security were necessary so that the data, which is a concern of privacy for the person whose data it is.

By enacting these laws the legislature has given some specific rights to the person to whom the data belongs and has imposed obligations upon the data fiduciaries.

It also provides for the duty of data fiduciaries in case of data breach and also provides for the penalties for the person who breaches the data.

These laws were the need of the hour, as India is heading towards the digital age.

But security and data privacy are also our own obligation. We cannot put everything on the legislature. For that purpose we have to secure our devices, our applications and our networks, so that no one can breach data and misuse it.

Name – Ankit Kumar Pandey

College – Law Center-II, Faculty of Law, University of Delhi


[1] K.S. Puttaswamy v. Union of India, (2019) 1 SCC 1 http://www.scconline.com/DocumentLink/507jT8Z4

[2] Supra Note No. 1

[3] MANU/SC/0085/1962

[4] https://www.statista.com/statistics/617136/digital-population-worldwide/

[5] https://aag-it.com/the-latest-cloud-computing-statistics/#:~:text=The%20cloud%20isn’t%20just,from%201.1%20billion%20in%202014.

[6] https://www.statista.com/statistics/947869/facebook-product-mau/

[7] News was published on India Today’s website on Mar 1, 2022 03:27 IST

[8] News was published on the website of The Times of India on Feb 4, 2023, 15:54 IST

[9] Supra Note No. 1

[10] As given by the Ministry of Electronics & Information Technology, Government of India, on its website meity.gov.in

[11] https://www.google.com/amp/s/m.timesofindia.com/business/india-business/over-700-cases-registered-under-it-act-in-2020-for-privacy-violation/amp_articleshow/88207723.cms

[12] Supra Note No. 1

[13] Reports were published on the website of BBC on 11 October, 2023; on the website of The Indian Express on 29 July, 2023; and on the website of The Times of India on 11 May, 2022

[14] Supra Note No. 1
