CYBER PRIVACY ISSUES IN INDIA

*Rehan Umar Khan

ABSTRACT

Technology has changed the way information is being received or sent, and, so it has affected the
privacy rights of a person. Now privacy is not only limited to intrusion in one’s private life
(peeping in home), it has a much wider reach. Use of Smartphone with Internet together have
provided many ways to keep an eye or to track a person without being noticed, resulting as a
breach of privacy. This project report will examine the growing privacy issues in cyber space and
a legal approach to defend and protect one’s privacy rights in India.

Contents
INTRODUCTION ........................................................................................................................................ 2
What is Privacy? ........................................................................................................................................... 3
Types of Privacy ....................................................................................................................................... 4
Personal Privacy: .................................................................................................................................. 4
Informational Privacy: .......................................................................................................................... 4
Organizational Privacy:......................................................................................................................... 5
Privacy and the Internet ................................................................................................................................ 5
Legal Regime to Combat Cyber Privacy in India ......................................................................................... 6
Information Technology Amendment Act, 2008 ...................................................................................... 6
Indian Penal Code, 1860 ........................................................................................................................... 8
Code for Criminal Procedure, 1973 .......................................................................................................... 8
The Privacy Protection Bill (2013) ........................................................................................................... 8
Conclusion .................................................................................................................................................... 9
References ................................................................................................................................................... 10

*Student at National Law Institute University, Bhopal

Electronic copy available at: http://ssrn.com/abstract=2357266

 2

INTRODUCTION
The global use of internet for electronic communication and e-commerce over the past few years
has become a common phenomenon of modern life. No doubt it facilitated our life a lot, but on
other hand it has created a grave concern for governments in India and other countries as it is
posing a threat to personal privacy in an online environment. These concerns have created an
alarming situation to Indian government, media, private entities and policy- makers, waking up
to this challenge now we can see that some efforts are being made by our government to develop
some policies and strategies to protect the privacy of electronic transactions and personal
information in cyberspace.

The use of new and advanced technologies has increased the fear of privacy intrusion as the new
types of PII (Personal Identifiable Information) are now available while it was quite difficult to
get them earlier. Biometrics such as, DNA, finger prints, iris-scanning which are becoming
popular as a method to secure identification. These biometric devices are being used to prevent
fraud in various organizations but they have also raised some concerns about the storage and
access of these digital data. The Internet has affected a lot upon the privacy rights of a person
both in their identities and their personal data. The use of smart phones or internet enabled
phones is the biggest challenge now days as it intrudes upon the privacy rights of a person. Each
computer, mobile phone or other device attached to the internet has a unique IP address, which
provides a unique identifier for every device and which in turn the can be traced.

The amendments in the IT act (2008) and recently produced bill namely (The Privacy Protection
Bill (2013)) in the parliament are the signs that the Indian government is waking up towards this
problem and trying to combat it. Earlier there were a very few provisions in Indian law to
intercept, block and monitor internet communications or to regulate the flow of personal
information.

The Privacy Protection Bill (2013) deal with all the major concerns like the protection of
personal data, interception of communication, surveillance etc. about which we mostly confront
within daily life. Certainly this bill will help to meliorate the trust of people in E-commerce.
Because this implies the rule that no person shall collect any personal data of another person
without obtaining the prior consent of the person to whom it pertains and such consent may be

Electronic copy available at: http://ssrn.com/abstract=2357266

 3

obtained in any manner, and through any medium, but shall not be obtained as a result of a
threat, duress or coercion. But apart from all the steps taken by the government to maintain
privacy in cyberspace it is also our responsibility to decide up to what extend do we need to
share our personal information over the internet. In India people share their personal information
over the social networking sites, matrimonial sites and on several other places regardless of the
fact that this information can be misused easily. It is important to understand the criticalness of
the fact that even if we share anything on an Indian website it can be accessed globally thus
making our information available across the globe. This is due to the nature of the internet so we
too have to limit ourselves in sharing personal information despite of making so many polices
and passing bills for regulating personal information in cyberspace.

What is Privacy?
“Privacy may be defined as the claim of individuals, groups or institutions to determine when,
how and to what extent information about them is communicated to others”

(Westin AF, Privacy and Freedom, 1967, page 7).

In simple words privacy can be defined as a right to be let alone1. We as a human being want
some space or privacy so that we can enjoy our life the way we want. One should not have the
fear of privacy intrusion in its own home or while enjoying his private life. Also a citizen has a
right to protect the privacy of his life, marriage, family, health, procreation and other matters.
“None can publish anything concerning the above matters without his consent, whether truthful
or otherwise and whether laudatory or critical. If he does so, he would be violating the right to
privacy of the person concerned and would be liable in an action for damages2." But in certain
cases3 the privacy of a person is not only breached but the content is made available in public
which results as defamation and loss of reputation.

1
As defined by Warren and Brandies in “Right to privacy”. Can be retrieved from :
http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html (Last visited on 15,Dec,
2013)
2
See M/S.Akshaya Creations vs V.Muthulakshmi, W/O Late ... on 1 February, 2013
http://indiankanoon.org/doc/5439094 ( Last visited on 15,Dec,2013)
3
Like in the case of Swami Nityanad wherein a leaked videotape involving a Tamil actress thrust Swami
Nithyananda was made public.
 4

Types of Privacy
The term privacy can have different meaning in different context. Peoples have different opinion
and views on what they can term as the breach of their privacy rights.

Personal Privacy:
The main and the most related term in the context of privacy can be related to the exposure of
one’s body to another, it can also be defined as physical privacy. This is also an expect of
personal modesty. A personal can go to extreme depth in order to protect his modesty. Like one
wears clothes to prevent his body to be seen to others, creates walls or fences etc. People also
expect that their privacy rights will be respected by others too. Some people choose to do the acts
of physical intimacy in public but again this is their personal choice. Physical privacy can be
defined as4:

"Intrusions into one's physical space or solitude" This would include such concerns as:

 preventing intimate acts or hiding one's body from others for the purpose of modesty;
apart from being dressed this can be achieved by walls, fences, privacy screens,
cathedral glass, partitions between urinals, by being far away from others, on a bed by a
bed sheet or a blanket, when changing clothes by a towel, etc.; to what extent these
measures also prevent acts being heard varies
 video, of aptly named graphic, or intimate, acts, behaviors or body parts
 preventing unwelcome searching of one's personal possessions
 preventing unauthorized access to one's home or vehicle
 medical privacy, the right to make fundamental medical decisions without governmental
coercion or third party review, most widely applied to questions of contraception

Informational Privacy:
As the term says informational privacy is related to information or data about a person. This data
can be of any type and in any form for example name, date of birth, address, phone number, bank
details etc. The concern of privacy arises in collecting, storing and sharing of personal data. With

http://articles.timesofindia.indiatimes.com/2010-08-07/india/28313713_1_privacy-harvard-law-review-article-
indian-law (Last visited on 15,Dec,2013)
4
As defined by H. Jeff Smith in his book- Managing Privacy: Information Technology and Corporate America, 1994
 5

the improved technological equipments new type of Personally Identifiable Information (PII) are
generated and stored for various purposes. Like now days many organizations are implementing
fingerprint scanners as a security measure and a tool to grant access in the premises. The
fingerprint scanner comes under the Biometric devices like iris scanner, face camera, speaker
recognition and many others. No doubt these devices provide effective security measures but if
the data collected by biometric devices, misused can be dangerous5.

Organizational Privacy:
Various organizations, agencies or corporations may desire to keep their activities hidden from
other organizations or individuals. Like the defense or military department etc. They can
implement various methods to achieve their desired privacy.

Privacy and the Internet

Internet has almost changed the way one used to fear from privacy invasion. Now you don’t
know how and when you are been monitored and by whom. One do not know that his
information is being sold over the internet for just 1 or 2 dollars6, peoples are being murdered by
the help of internet7, peoples are harassed and blackmailed on social networking sites. Their
photos are downloaded, morphed and misused8. Though Internet has revolutionized the world
and it has become a global village now, on the other hand we cannot deny the negative aspects of
it.

We need to understand the fact that everything that we do on internet can be noticed or revealed
because it leaves digital traces. The use of smart phones is another emerging danger to online
privacy. Every device that is connected to Internet has a unique IP address attached to it, whether
it is a computer, mobile, play station or anything else which means it can be traced. If you are
going on a vacation without informing any of you friends and if your friend calls you and say

5
Biometric industry raises alarm over misuse of data. Can be found on
http://www.theglobeandmail.com/news/national/biometrics-industry-raises-alarm-over-misuse-of-
data/article4276237/(Last visited on 15,Dec,2013)
6
Facebook selling information: http://news.discovery.com/tech/gear-and-gadgets/how-facebook-sells-your-
personal-information-130124.htm (Last visited on 15,Dec,2013)
7
Death caused by social media: http://www.ranker.com/list/the-13-craziest-deaths-caused-by-social-
media/whitney-milam (Last visited on 15,Dec,2013)
8
Facebook photos morphed to target air-hostesses http://www.indianexpress.com/news/facebook-photos-
morphed-to-target-airhostesses/549680/(Last visited on 15,Dec,2013)
 6

what you are doing at that place, it will not be surprising, that how he knew where you are. If
you are doing online transaction or simply anything related to e-commerce it is much possible
that your credentials can be compromised. Now days even if you search anything on Google and
after some time if you want to search the same thing it will appear in the search drop list even if
you type the first word of the letter. That means Google is saving your search history9 in order to
give you a better experience but isn’t it compromising your privacy?

Legal Regime to Combat Cyber Privacy in India

We have looked upon the threats to cyber privacy and their results. But what can we do if
someone breaches our privacy. What can we do, what are the legal rights of an Indian citizen in
context with privacy? Let us understand that.

Information Technology Amendment Act, 2008

Information Technology Act is an act of Indian Parliament notified on 17, October, 2000. It was
further amended and came into force on October 27, 2009. It regulates the cyberspace in India
and provides rules and regulations regarding different aspects of cyber law.

Section 43(A): Compensation for failure to protect data

Where a body corporate, possessing, dealing or handling any sensitive personal data or
information in a computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and procedures and thereby causes
wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages
by way of compensation, to the person so affected.

Section 66(E): Punishment for violation of privacy.

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area
of any person without his or her consent, under circumstances violating the privacy of that
person, shall be punished with imprisonment which may extend to three years or with fine not
exceeding two lakh rupees, or with both.

9
Google knows too much about you http://edition.cnn.com/2012/02/09/opinion/ghitis-google-privacy/(Last
visited on 15,Dec,2013)
 7

Explanation - For the purposes of this section--

(a) “transmit” means to electronically send a visual image with the intent that it be viewed by a
person or persons;

(b) “capture”, with respect to an image, means to videotape, photograph, film or record by any
means;

(c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female
breast;

d) “publishes” means reproduction in the printed or electronic form and making it available for
public;

(e) “under circumstances violating privacy” means circumstances in which a person can have a
reasonable expectation that--

(i) he or she could disrobe in privacy, without being concerned that an image of his private area
was being captured; or

(ii) any part of his or her private area would not be visible to the public, regardless of whether
that person is in a public or private place.

Section 72: Breach of confidentiality and privacy:

Save as otherwise provided in this Act or any other law for the time being in force, any person
who, in pursuant of any of the powers conferred under this Act, rules or regulations made there
under, has secured access to any electronic record, book, register, correspondence, information,
document or other material without the consent of the person concerned discloses such electronic
record, book, register, correspondence, information, document or other material to any other
person shall be punished with imprisonment for a term which may extend to two years, or with
fine which may extend to one lakh rupees, or with both.

Section 72(A): Punishment for Disclosure of information in breach of lawful contract

Save as otherwise provided in this Act or any other law for the time being in force, any person
including an intermediary who, while providing services under the terms of lawful contract, has
 8

secured access to any material containing personal information about another person, with the
intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses,
without the consent of the person concerned, or in breach of a lawful contract, such material to
any other person shall be punished with imprisonment for a term which may extend to three
years, or with a fine which may extend to five lakh rupees, or with both.

These are the sections which provide a citizen some rights to fight for his privacy in IT Act. Also
it provides some procedure and rules for monitoring and collecting traffic data or information.

Indian Penal Code, 1860

There are some sections in IPC which deals with privacy. They are not directly related with
cyber privacy but can be helpful for an individual to claim his or her rights. Like Section 499 –
Defamation, Section 500 – Punishment for Defamation, Section 292 – Sale, etc., of obscene
books etc., Section 447 – Punishment for Criminal Trespass, Section 509 - Word, gesture or act
intended to insult the modesty of a woman.

Code for Criminal Procedure, 1973

Few of the sections in CrPC can also be implied with the other sections in other Acts such as
Section 320 - Compounding of offences.

Right to Information Act, 2005

Section 8 - Exemption from disclosure of information.

The Privacy Protection Bill (2013)

As the bill says that it is a bill “to establish an effective regime to protect the privacy of all
persons and their personal data from Governments, public authorities, private entities and
others, to set out conditions upon which surveillance of persons and interception and monitoring
of communications may be conducted, to constitute a Privacy Commission, and for matters
connected therewith and incidental thereto10.”

Following are the chapters of the privacy protection bill (2013):

1. Preliminary

10
Preliminary of The Privacy Protection Bill, 2013
 9

2. Right to privacy

3. Protection of personal data

4. Interception of communications

5. Surveillance

6. The privacy commission

7. Offences and penalties

This bill deals with all the major aspects of the privacy concern. It states that no person shall
collect, store, process, disclose or otherwise handle any personal data of another person, intercept
any communication on another person or carry out surveillance of another person except as
provided in the act.16 It also put a bar on collecting data or personal information of individuals
without obtaining prior consent of the person whom it pertains. If made applicable privacy
commission would be formed so that no one can carry out any surveillance of any person without
taking permission from the privacy commission though it has some exceptions too.

Conclusion
First, Right to privacy is a fundamental right as guaranteed by Indian Constitution in Article 21,
so every individual has a right to privacy but with some limitations. Though new methods of
tracking and tracing a person are available, also new types of Personally Identifiable Information
(PII) can be retrieved; government should take responsibility of a person’s privacy and personal
information from being invaded. Government has also prescribed the method and rules for
monitoring and collecting data or information in IT Act but it should also be implemented.
Second, it’s also our responsibility to know that as internet is a global platform we should try to
regulate or minimize the amount of information we usually share without being aware about the
possible risks and threats related to it. Because as it is always said that, “precaution is better than
cure”.
 10

References
[1] Alan D. Smith, “Cybercriminal impacts on online business and consumer confidence”,
Online Information Review Volume 28 · Number 3 · 2004 · pages. 224–234, 2004

[2] Alan F. Westin, “Privacy and Freedom”, Bibliography: pages. 445-458, 1967

[3] Alessandro Acquisti, “Privacy and Security of Personal Information Economic Incentives and
Technological Solutions”, J. Camp and R. Lewis (eds), The Economics of Information Security,
Kluwer, 2004

[4] Alessandro Acquisti; Allan Friedman; Rahul Telang, “Is there a Cost to Privacy Breaches?
An Event Study” Twenty Seventh International Conference on Information Systems, Milwaukee
2006 and Workshop on the Economics of Information Security, Cambridge, UK, 2006

[5] Andreas M. Antonopoulos, “The black market for identity theft Security: Risk and Reward”,
Network World, 301 September 11, 2007

[6] Anthony D. Miyazaki, Sandeep Krishnamurthy, “Internet Seals of Apagesroval: Effects on

Online Privacy Policies and Consumer Perceptions”, Journal of Consumer Affairs, Vol. 36 Issue
1, pages 28 – 49, Summer 2002

[7] Craig E. Wills and Mihajlo Zeljkovic, “A personalized apagesroach to web privacy:
awareness, attitudes and actions”, Vol. 19 No. 1, pages. 53-73, 2011

[8] Balancing Online Privacy in India by Apar Gupta. Can be found at :

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1682465