Concept of Privacy & Data

Protection
 Privacy- natural rights
 In North America, Warren & Brandeis assertion that privacy is
the ‘right to be let alone’
 It is an Individual right: to control the communication of
personal information, & as a property right.
 As a property right, data are transferable & thus all privacy
rights can be lost.
 Risk: Misuse of such information
 Privacy Rights are inherently intertwined with
information technology.

1. In 1967, telephones had become personal devices,

2. In 1970’s , new computing & recording technologies began
to raise concerns about privacy, resulting in the Fair
Information Practice Principles.
  Brent v. Morgan ,
299 S.W. 867 (Ky.1927)
Every Person has a desire to keep a part of his life private. It is
considered as a natural and an absolute or pure right springing
from the instincts of nature. The area of which one wants to
keep away from the public may relate to one’s personality,
one’s name, one’s premises, one’s private life, one’s papers
and the like.
 In India, the right of privacy is part of Art 21 of the
constitution of India but it is not absolute. The disclosure of
private information is justified under certain circumstances.
 The concept of privacy as fundamental right first evolved in th
60s in the case of Kharak Singh v. State of U.P.,
AIR 1963 SC 1295, the court held that the right to privacy is an
integral part of the right to life. But with no clear-cut laws, it
remains a grey area.
If the offender is a private individual then there is no effective
remedy except in torts, where one can claim damages for
intruding in his privacy and no more, torts itself being grey.
The two judge bench observed that the right to privacy
enshrined in the Art. 21 could be involved only against the
state actions & not against private entities.
 Art. 12 of the Universal Declaration of Human Rights
States that,

“No one shall be subjected to arbitrary interference with his

privacy, family, home or correspondence, nor to attack upon
his honour and reputation. Everyone has the right to the
protection of the law against such interference or attacks.”
 Right to Privacy

Non- Interference Limited Accessibility Information Control

Secrecy

Solitude Anonymity
1. Non Interference- It is a part & parcel of “ a right to be let
alone”

2. Limited Accessibility: limited accessibility consisting of

three elements:
a. Secrecy: the extent to which we are known to others
b. Solitude: the extent to which others have physical access to
us,
c. Anonymity: the extent to which we are the subject of others
attention
3. Privacy as information Control –
“privacy is the claim of individuals, groups, or institutions to
determine for themselves when, how, & to what extent
information about them is communicated to others”
 Concept of E-Privacy & Data Protection in
Cyberspace
 In the Internet Era, larger amounts of information is collected
and there as a greater likelihood that such information will be
disclosed.
 Maintaining of databases is not as much difficult task as
maintaining its integrity, so in this era the most concerned
debate is going on to innovative a perfect method of data
protection.
 In the electronic age, complete control over our privacy is
not possible as we leave behind a trail of data, which often
contains personal information, such as credit card,
insurance, banks, hospitals, schools, tax, credit history,
telephone etc. this can be analyzed from the following
illustrations:-
1. On every login to the e-mail account in the cyber cafes, the
electronic trail of password remained left there unsecured.
2. On every login to internet, there left behind an electronic trail
enabling website owners and advertising companies to get
access to the preference and choices of the users by tracking
them.
3. On every use of credit card for purchasing purpose, the trail of
brand preference, place of shopping etc. left behind.
4. Phone call signals of the police are easily tracked by the
naxalites enabling them to know about the police plans.
 Right to privacy is more of an implied obligation.
Nevertheless, the right to privacy in the advent of
information technology can be infringed by’:
a. Utilizing private data already collected for a purpose other
than that for which it was collected;
b. Unauthorized reading of e-mails of others;
c. Sending of unsolicited e-mails or spamming etc.
Spammers collect e-mail addresses from chatrooms,
websites, customer lists, newsgroups, and viruses which
harvest users' address books, and are sold to other
spammers.
 Computer data containing personal information stored for a
particular purpose, if used for some other purpose may breach
the private rights of individuals who may like to keep their
personal history to themselves.
 Many countries other than India have their data protection
laws as a separate discipline. They have well framed and
established laws, exclusively for the data protection
 In India, information Technology Act, 2000, in Sec 72 deals
with only to a very limited segment of the right to privacy.
 Privacy in Technology Driven World

 There are means to capture digital footprints of user, who is

browsing internet for various reasons. It all begins with
capturing IP address. An Internet Protocol address (IP address)
is a numerical label that is assigned to devices participating in
a computer network that uses the Internet Protocol for
communication between its nodes.
 Whenever a person browses, sends e-mails, chats online, he
leaves distinctive IP address behind. By searching IP
registration database or conducting trace out, approximate
physical location of IP address can be determined.
 Other surveillance technologies used are: cookies, Global
Unique Identifies (GUID), Web Bugs, e-mail or document
bugs, spy ware & online digital Profiling.
1. Cookies-
It is a block of text (digital identification tags) which the
website places in a file on a computer hard disk of a person
to track his activity.
2. GUID-
Globally Unique Identifier (GUID) is software embedded in
the computers hardware. It can be read remotely from across
the network. For example on emay find GUID embedded on
Ethernet cards, used in LAN. The result would be
eavesdropping of all the computers connected through LAN.
3. Web Bugs-
These are being increasingly used by online advertisers to create
users database. It occurs even though the person has not
clicked on the banner ad.

4. SPYWARE-
Some software developers have included code with in their
applications that cause the user’s computer to transmit
information back to the software developer Via Internet.
Privacy & Data Protection Issues in IT Age
BPO & Call Centre -
India is preferred destination for offshore Business
Outsourcing (Financial, Education, Legal, Banking,
Healthcare, Marketing, Telecommunications services).

Telemarketing-
India is faced with a new phenomenon called telemarketing
which has invaded millions of hapless Indians thanks to the
widespread use of mobile phones and multiplicity of mobile
telephone service providers in India.
 The tranquility and comfort of an individual’s home or the
peaceful conduct of business in an organization is rudely
interrupted by telephone calls made by telemarketing
executives on behalf of banks, financial institutions, mobile
phone companies etc. with offers of low-interest loans, free
credit cards & the like. Clearly there violation of personal
privacy caused by such calls.
 Besides invading their privacy, such calls also have great
potential for annoyance to the recipients since oftentimes they
are offered what they do not ever want or what they already
have.
 If the recipient is out of th local area of the service provider,
she/ he will have the additional liability of paying roaming
charges for such unsolicited calls.
 Sun Report in U.K.
In June, 2005 one Indian BPO call centre was in
the eye of the storm when one of its employees
sold personal data belonging to large number of
British Nationals to an undercover reporter from
the British tabloid ‘The Sun’
 The recent judgment of the Delhi State
Consumer Disputes Redressal Commission (the
‘commission’0, which imposed total fine of Rs.
75 Lakhs on Airtel, the Cellular Operators
Association of India , ICICI Bank & American
Express Bank on a complaint of consumer
harassment by unsolicited telemarketing calls &
text messages assumes enormous significance.
 India’s constitution provides protection for citizens privacy
rights. Also, Sec. 427 of Indian Telegraph rules, 1951, inter
alia provides that telephone should not be used to disturb or
irritate any persons or to transit any massage for
communication which may annoy a person.
 Guidelines of Organization for Economic Co-operation &
Development

1. Collection Limitation Principle-

There should be limits to the collection of personal data &
any such data should be obtained by lawful & fair means
and, where appropriate, with the knowledge or consent of
the data subject.

2. Data quality principle-

Personal data should be relevant to the purposes for which
they are to be used, and to the extent necessary for those
purposes, should be accurate, complete and kept up-to-date.
3. Purpose specification principle-
The purpose for which personal data are collected should be
specified not later than at the time of data collection and the
subsequent use limited to the fulfillment of those purposes.

4. Use limitation Principle-

Personal Data should not be disclosed, made available or
otherwise used except:
a) With the consent of the data subject, or
b) By the authority of law.
5. Security Safeguards Principle-
Personal data should be protected by reasonable security
safeguards against such risks as loss or unauthorized access,
destruction, use, modification or disclosure of data.

6. Accountability Principle-
A data controller should be accountable for complying with
measures which give effect to the principles stated above.
 Position in U.K.
As the range of information technology has expanded so the
law has adjusted & developed to deal with the new
challenges it presents.

 Data Protection in UK: Data Protection Act 1998

The data protection Act came into force in March 2000.
It does not mention privacy, but provides a way for
individuals to enforce control on information.
Conti..

 Definition of Data Protection:

1. Prevention of misuse of personal data legal safeguards to
prevent misuse of information about individual people on a
medium including computers.

2. Installation of Safeguard of Personal Data:

The adoption of administrative, technical or physical
deterrents to safeguard personal data.
Conti..

 Principles of data protection in UK

Personal data shall be processes in according to rights under

this act.

No transfer of personal data outside the European economic

area unless that country or territory ensures an adequate level
of protection for the rights & freedoms of data subjects in
relation to the processing of personal data.
Cont…

 Personal Data
Personal Data relates to a living individual who can be
identified
1. From the data & other information in the possession of , or
likely to come into the possession of, data controller.
2. Physical & Mental Condition
 Data protection Principles
Personal data shall
1. Be obtained & processed fairly & Lawfully.
2. Be held only for lawful purposes, which are described
in the register entry.
3. Be used or disclosed only for lawful or compatible
purposes.
4. Be accurate & , where necessary, kept up to date.
5. Be surrounded by proper security.
Cont..
 Exceptions
Sec. 28- National Security Processing of Data, which do not
safeguard national security not allowed.

Sec. 29- Crime & Taxation

Data processed for the prevention or detection crime, the
apprehension or prosecution of offenders, or the assessment or
collection of taxes are exempt from the first data protection
principle.
Cont..

 Section 36- Domestic Purposes

Processing by an individual only for the purposes of that
individual’s personal, family or household affairs.
 Data Protection in Europe

There are two important policies in Europe in relation to data

protection.
1. The Council of Europe’s Convention on Data Protection &
2. The EU Data Directive.

1. The Council of Europe’s Convention on Data Protection

The convention recognizes the right to privacy as one of the
fundamental human rights.
2. EU Directive- The EU Data protection Directive reaffirms
the principals of council of Europe Convention.
“ Privacy is the interest that individuals have in
sustaining a ‘personal space’,
free from interference by other people
and organisations”