A General Perspective On Overlapping of Right
A General Perspective On Overlapping of Right
Volume 5, Issue 4, April – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
A General Perspective on Overlapping of Right to
Privacy and Information Technology
1
Arpit Vihan, Assistant Professor, Geeta Institute of Law, Panipat
2
Bhawna, Assistant Professor, Geeta Institute of Law, Panipat
Abstract:- Eschewing the set of all freedoms, the inexpensive and ready to access personal information pool
concept of liberty sits at the soul of a democratic which increments every single second, and if not handled
structure. Associated with varying connotations in carefully might lead to severe exploitation.
different jurisdictions, Article 21 of Indian Constitution
qualifies its enjoyment with the term ‘personal’ unlike Internet privacy is economically important since it
its U.S. counterpart; probably the reason for reluctance assures consumers that their personal particulars will not be
of Indian Courts to recognize privacy as an essential released to unauthorized persons. 3 Its infringement thus
ingredient of personal liberty for a long time. 1 Indian poses great threat by breaching the trust of a user,
Jurisprudence is now settled on the issue of privacy and detrimental to both social and economic interests. The risks
its safeguards in the modern era 2 , it is nevertheless it can generate include the theft of sensitive user data such
bound to face a resilient challenge while extending the as transaction PINs, bank account numbers, etc. The
guarantee in online sphere. situation is worsened by the injection of malwares which
damage both the computer resources and the data.
Online privacy being a mammoth subject; it is
impossible to discuss all of its facets and the authors As far as the safeguard(s) of online privacy is
have confined the discussion to the most prominent concerned, Germany is probably the first jurisdiction to
privacy concerns associated with data handling and recognize online privacy after the abuse of information by
analysis, with special reference to the legal framework state agencies, followed by Sweden where the high flow of
in India. The objective is therefore twofold: firstly, to personal information on the internet enabled a person to
determine the efficiency of national laws in ensuring access all income tax returns by hunch of a few clicks.
online privacy by addressing its massive infringement State agencies have ensured the security of online data by
by websites and the incapability of law in curbing it the system of encryptions, wherein no third party is legally
(Part III) and secondly, to suggest plausible remedies allowed to intervene and extract the input data. In India,
for the inherent flaws that exist therein considering the Information Technology Act, 2000 takes into consideration
legal mechanism adopted in countries with a much the system of key pair encryption for the recording and
matured understanding of privacy concerns (Part IV). authentication of digital signatures. 4 The system though
Setting the stage, Part II provides an insight into the secure, is not infallible and there are innumerable instances
concept of online privacy, the pivotal role it plays in life of information being accessed by third parties.
and its infringement by exploitation of the cyber
information pool while Part V contains the conclusive Privacy interests are further jeopardized by the data
remarks of the author. collection done by websites, both explicitly and impliedly.
Though one might wonder that the pop-up advertisements
Keywords:- Right to Privacy, ICT, Technology, IT Act. share utter relevancy with their cyber activities, majority of
internet users are unaware of the fact that items such as
I. INTRODUCTION banner ads, search queries, etc. are actually information
receptors to Marketing Companies. They are happy to surf
The classic meaning of privacy, i.e., ‘to be let alone’ as long as no information is sought explicitly, and thus
is the structural foundation that defines privacy in modern arises the need for massive state intervention to assure
states. Extension of this foundational principle can be made online privacy.
to the realm of Internet. Privacy can therefore be assumed
to be the security of personal data published through cyber Cognizant of the outcomes of privacy infringement,
means. It is a great cause of concern regardless of the there are multiple international directives such as OECD
services a user plans to avail, ranging from random social Privacy Guidelines, EU Data Protection Directivesand
networking to huge monetary transactions. Convergence of APEC Privacy Framework; all of which are designated to
computers with telecommunications and the advent of nullify the draconian effects of technology on privacy.
smart phones have paved way for an atmosphere of Principles such as notice, consent, collection and usage
limitation, access and corrections and openness cut across
1
Kharak Singh v. State of U.P., AIR 1963 SC 1295
2 3
See K.S. Puttaswamy v. Union of India, 2017 SCC Nandan Kamath, Law Relating to Computers, Internet and
OnLine SC 996, Maneka Gandhi v. Union of India, AIR E-commerce, 287 (5th ed., 2012)
4
1978 SC 597; Ram Jethmalani v. Union of India, (2011) 8 Vakul Sharma, Information Technology Law and Practice,
SCC 1. 111 (3rd ed., 2011)
IJISRT20APR662 www.ijisrt.com 971
Volume 5, Issue 4, April – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
these frameworks along with the principle of enforcement. tracking activity on websites and are often used in
The EU Data Protection directive, OECD Guidelines and combination with cookies10.Pixel tags (web beacons) work
APEC framework additionally deal with the subject of and monitor activities even when a user is working on
Trans-border data flow, while Australia’s ANPP his/her e-mail. Google also provides personal information
specifically prescribes de-identification of the personal to its affiliates or other trusted businesses in compliance
information.5 with its Privacy Policy or any other appropriate
confidentiality and security measures.11
II. GLOBAL INFRINGEMENT OF PRIVACY:
TRACING THE TRACKS Unethically asocial Facebook
While most of the policies of Facebook are
Significance of privacy in cyber space and the synchronous with internationally recognized privacy
hardships users face thereof are now compellingly clear, standards, it provides, “We offer a range of products and
which brings us to the discussion about the legal recourse features that involve the use of these (Cookies, pixels and
available in such circumstances. However, it is preferable similar technologies) to reach you, based on your activity
to discuss at first the privacy policies of the Reserve Banks on and off our services.12”
of Data in India, i.e., Google and Facebook 6 to gauge the
magnitude of infringement committed by them which In implication, cookies monitor online activities of the
would render help to test the logicality of Indian statutory user even when he has left the server. 13 It is a common
provisions. experience that while browsing Facebook, the
advertisements which are displayed are the ones which are
Google: The cyber spy relevant to us which is because the cookies sent by
The Privacy policy of Google states that Google Facebook, as per the policy “serve you ads that may be
collects information regarding device, IP addresses, user interesting to you on Facebook Services or other websites
location, unique application numbers, cookies and similar and mobile applications14”.
technologies. 7 The fundamental question which arises at
this juncture is, whether it conforms to the international Byte-ing Cookie: Notsotasty
standards and whether the information thus gathered is A glimpse through the privacy policies of leading
limited in usage or not. The policy itself offers some websites makes it amply clear that cookies are stored in the
answer to it. Attention is sought to be laid on the computer without user’s consent and monitors the activities
highlighted words, which lead to the inference that Google of the user even when (s)he has left the website. Though
can and will utilize data of any user if it is of some interest the browser provides settings using which cookies can even
to Google itself, which if further interpreted means that be turned off, many leading websites don’t work properly
Google is authorized to scrutinize every single bit of data to on enabling such settings and users are forced to allow
protect Google!8 cookies, citing the absurd reason of improved user
experience and overall service quality15. The targeted use of
The policy further provides, “Our automated systems cookies is thus to monitor consumer habits which is
analyse your content (including emails) to provide you unethical and illegal because such collection lies beyond a
personally relevant product features, such as customized reasonable expectation of privacy and the collected
search results, tailored advertising, and spam and malware information is deceitfully centralized.16
detection. We use information collected from cookies and
other technologies, like pixel tags, to improve your user Since cookies are unwelcomed guests on a device, a
experience and the overall quality of our services...”9 typical computer user has no knowledge that cache files,
temporary files and log files are being stored on his
It should be mentioned here that cookies are small computer. 17 The international directives and principles
textual pieces sent to the web browser by a website visited speak vehemently that information should be collected with
by the user, and helps the website to remember information
about the visit for the sake of future convenience. On the 10
Key Terms, Google Privacy Policy, available at
other hand, pixel tags are a kind of technology placed on a
https://www.google.com/policies/privacy/key-terms/#toc-
website or within the body of an email for the purpose of
terms-pixel,
11
Supra 8.
5 12
Report of the Group of Experts on Privacy, Planning Privacy, Facebook Help Centre, available at
Commission of India, available at https://www.facebook.com/help/cookies/update,
13
http://planningcommission.nic.in/reports/genrep/rep_privac Cookies, Razorian Fly, available at
y.pdf, http://razorianfly.com/cookies/, last seen on 25/03/2019
6 14
Top Sites in India, Alexa, available at Supra 14
15
http://alexa.com/topsites/countries/IN, Supra 8
7 16
Ibid. Daniel Lin, Michael C. Loui, Taking the Byte Out of
8
https://static.googleusercontent.com/media/www.google.c Cookies: Privacy, Consent, and the Web, Seventh Annual
om/en//intl/en/policies/privacy/google_privacy_policy_en.p Meeting of the Association for Practical and Professional
df, Ethics, Dallas, TX.
9 17
Ibid. Supra 12.
IJISRT20APR662 www.ijisrt.com 972
Volume 5, Issue 4, April – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
consent of the user which should be an informed consent security applying the theory of social engineering22. On the
and the same is missing with respect to cookies. contrary, statistics reveal that 708 URLs were blocked in
2012, 1,349 URLs in 2013, and 2,341 URLs in 2014,
It should be noted here that the directives issued by grounds of which are undisclosed.23
European Union allow websites to link actions of users
during a browsing session for a variety of purposes which III. INDIAN LAWS: ARE WE PREPARED?
should be disposed on the expiry of the session or might
even be stored on the device provided that the cookies must Indian law relating to online business is primarily
tell people that the cookies are there, explain what the governed by The Information Technology Act, 2000, which
cookies are doing, and obtain their consent to store a cookie hardly recognises any concept of online privacy. It is sad to
on their device.18 see that the objective of the Act clearly purports that the act
is intended to deal with e-commerce and provides legal
Revenge Porn: Increasing menace and privacy recognitions to these transactions.
concerns
Revenge Porn is the sharing of private/sexual There are tinctures of privacy concerns in an ocean
materials of another without their consent for the purpose called the IT Act, with S. 72 apparently being the single big
of causing embarrassment or distress. 19 The content is molecule; which punishes an individual who, in pursuance
sometimes accompanied by personal information about the of any of the powers conferred under the Act, rules or
subject, including their full name, address and links to their regulations made there under, secures access to any data
social media profiles. Revenge porn has a widespread and discloses it to third parties without consent. 24 The
nature, for that it travels faster with viewers multiplying provision penalises those who abuse any of the powers
exponentially and requires no expenditure to be made. conferred under this act, which necessarily restricts its
Moreover, many targets hesitate to complain the ugliest application only on those empowered under this Act and
form for infringing privacy for fear of being shamed and excludes from its purview the entities such as private
blamed. 20 Violation of sexual privacy, notably the non- citizens, search engines and social networking sites.
consensual publication of sexually graphical images is a
breach of trust and deserves criminal punishment. Denying The criminalization of privacy infringement,
subjects' ability to decide over sexual exposure to the especially revenge porn is of utmost necessity to guard the
public, it produces gross emotional and dignitary harms citizens against devastating privacy invasions that chill self-
along with increasing the risks of physical assault. expression and ruin lives25, and the provisions of Privacy
Bill, 2011 can come handy in achieving the target object.
Apart from the privacy concerns associated with
private players, infringement of privacy by the state as a The bill provides that every citizen shall have right to
security measure is also a debatable issue. Cyber security privacy and shall not be infringed except in accordance
cannot be enhanced without a proper understanding of the with procedure laid down in the Bill. 26 It states that the
relationship between security and other national collection and disclosure of personal data, monitoring cyber
imperatives, primarily privacy21. A balance need be struck activities, sending unsolicited communications shall
between the conflicting interests of privacy and national constitute infringement of privacy27.
18
Guidance on the rules on use of cookies and similar
technologies, The Privacy and Electronic Communications
(EC Directive) Regulations, 2003, available at
https://ico.org.uk/media/for-
organisations/documents/1545/cookies_guidance.pdf, last
seen on 27/03/2019.
19
Olivia Wilson, Revenge Porn Is More Than a Violation of
Privacy: It Is Digital Sexual Assault, The Huffington Post
(26 June 2015), available at
http://www.huffingtonpost.com/olivia-wilson/revenge- 22
porn-is-more- Ibid.
23
than_b_7641876.html?ir=India&adsSiteOverride=in, last Ministry of Information and Communications
seen on 27/03/2019 Technology, Government of India, No. 14 (74)/2014-ESD,
available at http://sflc.in/wp-content/uploads/2015/04/RTI-
20
Sandhya Soman, The seedy underbelly of Revenge Porn, blocking-final-reply-from-DEITY.pdf, last seen on
Times of India (23 August 2015), available at 28/03/2019
24
http://timesofindia.indiatimes.com/tech/computing/The- S.72, The Information Technology Act, 2000.
25
seedy-underbelly-of-revenge- Danielle Keats Citron, Mary Anne Franks,Criminalizing
porn/articleshow/48627922.cms, last seen on 27/03/2019 Revenge Porn, 49 Wake Forest Law Review 314, 345
21
Sunil Abraham, Elonnai Hickok, TarunKrishnakumar, (2014).
26
Security: Privacy, Transparency and Technology, 2 CyFy S. 3, Privacy Bill, 2011.
27
Journal 107, 109 (2015). S. 5, Privacy Bill, 2011.
IJISRT20APR662 www.ijisrt.com 973
Volume 5, Issue 4, April – 2020 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
IV. FIXING THE FLAWS IN PRIVACY LAWS: V. CONCLUSION
REMEDIAL REMARKS
Infringement of privacy in cyberspace has become a
While addressing the flaws in legal framework of global concern and it is no exaggeration to state that
India while dealing with infringement of privacy, lead can assurance of its safeguard in present circumstances is a
be taken from other jurisdictions as remedial inputs. In the myth owing to the macro level data analysis by almost all
US, privacy protection is essentially liberty protection, i.e. market players. While the Indian law stands absolutely
protection from government.28 The Privacy Act of 1974 can helpless to cease such violation of privacy, the provisions
generally be characterized as an omnibus “code of fair of Privacy Bill, 2011 can be witnessed as a yardstick of
information practices” that attempts to regulate the change. Moreover, there are bulks of foreign statutory
collection, maintenance, use, and dissemination of personal provisions as well as methodology as discussed above;
information by federal executive branch agencies. The law which can be engaged to cater to the concern so as to keep
with respect to privacy is further governed by a plethora of the fundamental right to personal liberty alive and intact.
statutes such as The Electronic Communications Privacy
Act of 1986, The Right to Financial Privacy Act and much
more. Advancing a step ahead, legislations protecting right
to privacy in private sector have also been enacted such as
The Fair Credit Reporting Act (FCRA), The Identity Theft
and Assumption Deterrence Act, The Children’s On-line
Privacy Protection Act, etc.
In Canada, privacy protection is focused on individual
autonomy through personal control of
information. 29 Canadian Government relies on the
methodology of personal control to ensure privacy which
holds well only with the presumption of a bona fide
intention of all the citizens. However, the self-regulatory
scheme can be effective only if businesses choose to
become a part of it. While there are a large number of
businesses likely to get on the bandwagon because they are
already committed to privacy concerns or to gain
commercial advantages, a larger number of businesses
would still be opposed to self-regulation when there is no
sanction to breach.30 Further, such a model shall cease to be
effective in the social context of India with huge social
disparity unlike the egalitarian society of Canada.
SEAL Programmes: Certifying Trust of Users
SEAL programmes render a highly significant
solution to the concerns of cyber privacy by deploying
agencies to certify websites based on their privacy policy
and display the same on its home page so that whenever a
user accesses it, he gets to know as to what the shall be
repercussions of using the website on his privacy. This
methodology is neither too harsh for the implementers to
abide by, and assures an informed consent from the user.31
28
Avner Levin and Mary Jo Nicholson, Privacy Law in the
United States, the EU and Canada: The Allure of the
Middle Ground, 7 University of Ottawa Law and
Technology Journal 327, 330 (2015).
29
Ibid, at 332
30
Supra 4, at 400
31
Certification Standards, Truste, available at
https://www.truste.com/privacy-certification-standards, last
seen on 29/03/2019