Privacy in the Cyberworld

Anonymity often considered a cornerstone of democracy. The internet has been proved to be a boon as well as a bane. While it does certainly make communication easier and brings the world closer. It also brings along with it bullying, hacking and several other forms of invasion of privacy and individual dignity. Crimes have significantly increased in the digital age. 

Documentaries such as Snowden and several newspaper articles and expose’s by several leading newspapers and blogs reveal how atrocious the truth is.

Snowden which is based on the whistleblower, Edward Snowden. A former Central Intelligence Agency (USA) employee who famously leaked several classified documents from the National Security Agency in 2013. It exposed the illegal surveillance techniques used by the NSA. It also revealed the virtual mountain of data being assembled to track all forms of digital communication — not just from foreign governments and terrorist groups, but from ordinary Americans. The documentary details how even smartphone cameras have been hacked by the US government. Stringent laws are needed in order to protect and safeguard our right to privacy. Privacy is a basic human right recognized all over the world and in cyberspace, it is the most flagrantly violated right of the individual. 

Privacy in the Cyberworld

Ever wondered why you spend hours on the internet and somehow find content that always interests you? This is due to a set of algorithms contained in all social media platforms that store and analyse your likes and dislikes and present new content to you accordingly. One might be naive and wonder what’s the harm in just collecting your preferences. Then the shocking case of Cambridge Analytica last year proved otherwise. 

Social media network Facebook revealed that the data of 87 million users, including 5 lakh Indian users, was shared with Cambridge Analytica; a European firm which collected this data and evaluated it in order to influence voting citizens.  The firm has been accused of helping current (then running) US president, Donald Trump unfairly win the elections.

Privacy as defined by Wikipedia, ‘is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals.’

The constitution of India guarantees us the Right to Privacy under Article 21. In 2017 right to privacy was made a fundamental right under the Justice K.S. Puttaswamy vs Union of India case. The judgement clarified its opinion stating, ‘privacy is a fundamental inalienable right, intrinsic to human dignity and liberty.’ 

The landmark judgement is set to change the entire scenario of future consumer and digital laws. It aims to protect the privacy of the citizen and also keep the government taking a copious amount of data in check. The judgment underlines the importance of informational privacy. It will prompt the corporates to adopt better policies to protect your privacy. They’ll be required to reveal their data collection practices and the usage of that data in a clearer manner. It’ll also be a responsibility of the government to ensure that the prescribed parameters are followed by all private players. Although there isn’t much hope for changes in governmental surveillance.

The term “cybersecurity” has been defined in section 2(nb) of the IT Act as, “protecting the information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction”.

Since the 2017 ruling, India’s tech industry is more inclined than ever to respect and monitor data usage and storage. Microsoft India even launched free online courses to teach businesses, legal professionals and individuals to understand data compliance and various other practices in security. Indian banks and insurance companies are among the early movers in building block chain infrastructure, which can safeguard customer data.

Privacy in the Cyberworld

In light of such events, the EU recently enacted the General Data Protection Regulation (GDPR) which establishes the right to privacy as one of the fundamental rights. It requires explicit consent from consumers for the usage of their data. The Personal Data Protection Bill 2018 in India follows the implementation of the GDPR and has also taken cues from the legal frameworks in other countries.

India alone has about 71 million internet users. About 12000 cases have been registered under cyber crime. There are currently no laws in India requiring websites to disclose how the information they gather about visitors is used, and online businesses are largely free to use data obtained on their websites without oversight by the consumer. In India, consumers have no statutory right to control the dissemination of their personal information to others by third parties. 

Currently, there are two major laws that regulate digital and telephonic surveillance, respectively: the Information Technology Act, 2000 (the “IT Act”) and the Indian Telegraph Act, 1885 (the “Telegraph Act”). Section 5 of the Telegraph Act empowers the central and state government to order the interception of messages in cases like a public emergency, expeditions in the interest of the sovereignty and integrity of the country etc. Rule 49A was later added in 2007 to provide that orders for the interception of communications must be issued by the Secretary in the Ministry of Home Affairs.

The IT Act, on the other hand widely regulates the interception, monitoring, decryption and collection of information of digital communications in India. More specifically, section 69 of the IT Act empowers the Central In 2007, Rule 419A was added to the Indian Telegraph Rules (1951) framed under the Indian Telegraph Act. These Rules provide that orders for the interception of communications must be issued by the Secretary in the Ministry of Home Affairs in the case of the Central Government and the Secretary to the State Government in-charge of the Home Department in the case of a State Government. Although the information technology act, 2000 did provide a few guidelines for data collection. No rules were provided to direct how the data is to be stored, the user’s consent as well as the norms for data processing.

Several incidents under violation of data privacy have been observed in India. A recent example was that Indian Cricketer M.S. Dhoni’s aadhar card was circulating on WhatsApp. It appalled several citizens as to how such an important document was circulating on a common sharing platform.

Another incident is the Blackberry controversy of 2008. Through a series of contracts, the Indian government has enabled itself to monitor the exchange of emails. Several intelligence agencies across the world have been accused of hacking and surveying media platforms of millions of citizens without their consent.

The Personal Data Protection Bill 2018, drafted by the Srikrishna Committee essentially makes individual consent central to data sharing. Headed by retired Supreme Court judge BN Srikrishna, the committee made several recommendations, which include the jurisdiction of processing personal data, setting up an independent regulatory body for enforcing the data protection law and heavy penalties for violating this law, among other clauses. Moreover, this draft bill is expected to apply to data collected by private and government entities in India.

A key recommendation made by the committee was that companies that used large amounts of data should register themselves as significant data fiduciaries to the Data Protection Authority.

Rama Vedashree, CEO of DSCI and member of the ten-membered Srikrishna Committee, said, “The digital economy should aim to benefit citizens. With the proliferation of information and digital technologies, the technology sector should strengthen citizen safety and security in the digital environment. Moreover, user awareness towards their privacy has been on the rise. We will see consumers making more privacy-conscious decisions and associating certain brands that provide greater privacy controls as better options.” 

After thorough analysis legal experts believe that the bill which is heavily inspired by the European GDPR does have its positives, is still unambiguous in various areas.

The internet is a dangerous place. Threats and risks are deeply inscribed within its very algorithm. Many times one is unable to identify the criminal and the victims due to several other platforms which can disguise them and protect them. Hackers have several times revealed personal information of various people especially celebrities. They have also used it as a blackmailing tool. Since nowadays most of the important documents are filed online. It is very easy to access this information illegally in the deep web. Incidents like the Facebook controversy can act as an exemplary to show the dire need for more robust privacy laws that protect our citizens.