AMITY UNIVERSITY

AMITY LAW SCHOOL, LUCKNOW CAMPUS

SUBJECT
CYBER LAW

TOPIC
Right to privacy under Cyber Law

B.Com L.L.B (H)

6th semester

Submitted to: Submitted by:

Mr. Bhanu Pratap Malvika Bajpai
ALS
 PREFACE

This project added new insights to my personality. It infused in me a

spirit of analysis, experimentation, curiosity and judgement. It also
helped to inculcate the qualities of self-leading and of taking self-
decisions. To the best of my ability and with my teacher’s guidance and
moral support, I have been able to complete this project on “Right to
privacy under Cyber Law”.
 ACKNOWLEGMENT

Typically the education of a project requires the support of many people. In

these words I would like to show my gratitude to my teacher Mr.
Bhanu Pratap who gave me the golden opportunity to do their
wonderful project on the topic “Right to privacy under Cyber
Law”, which also helped me in doing a lot of Research
and I came to know about so many new things. I’m really thankful to
them.

Malvika Bajpai
INTRODUCTION

WHAT IS PRIVACY IN INTERNET?

With the development of the Internet into a ‘global market place’,
the world has seen a sudden emergence of new, speedy means of
communication. Not only has the internet emerged as a lucrative
centre for the commercial transactions, it has also grown into an
area where individuals from different corners of the world get to
communicate freely and cost-effectively.
Communication, speech and expression undoubtedly constitute
some of the most basic liberties of individuals and, to a large
extent, can be considered inalienable. In the Indian context these
rights are given statutory recognition in part III of the
Constitution.
As a necessary corollary to the freedom to communicate and
speak, is the fact that this must be allowed with as little state
interference as possible, i.e., in the absence of state intrusion and
interference into the content of the communication. This
immediately raises the controversial issue of the ‘right to privacy’.
The right to privacy, it can be said, is considered a logical
corollary to the liberty to speak and express oneself.
An important point to note is that the Indian constitution does
not include the ‘right to privacy’ as a fundamental right. Its
existence, therefore, as a constitutionally guaranteed fundamental
right is debatable. Nevertheless, the judiciary has, on more than
once occasion, opined that the right is implicit in the right under
Article 21, which provides that no person shall be deprived of his
life and personal liberty without a procedure established by law.
RIGHT TO PRIVACY UNDER CYBER LAW
There is a common misconception that the right to privacy is
merely a weapon to ensure confidentiality in human affairs.
Confidentiality is, no doubt, one element in the panorama of
rights covered by the right to privacy, but it is just that one
element. It must not be forgotten that the right to confidentiality
only arises after information regarding human transactions or
affairs have reached third parties. It has to be recognised that the
right to privacy extends over the entire gamut of collection,
retention, use and disclosure of information. It stems out the
basic human desire for a secure identity of one’s own and, to that
extent, cannot be denied.

In this context, it may be said that privacy involves the right to

control one’s personal information and the ability to determine if
and how that information should be obtained and used.

It may be necessary to examine the guidelines along which the

extent of the right to privacy may be determined. The guidelines,
which may be generally taken as accepted, have been framed by a
European organization, named the Organisation for Economic
Co-operation and Development, in 1980.
The principles are as follows:

 Firstly, collection of personal data should be done with the

consent of the person and lawfully.
 Secondly, the data collected should be pertinent to the
subject under investigation. Therefore, for example, a man’s
medical problems ought not to be investigated while data on
his tax returns is being collected.
 Thirdly, the purpose as to collection ought to be clearly
specified.
 Fourthly, such data should not be further used except
without express consent of the subject and under the
sanction of the law.
 Fifthly, there ought to be adequate security safeguards so as
to prevent leakage of data into the hands of unauthorised
persons or the destruction of classified material.
 Sixthly, there ought to be a higher degree of accountability
detailing the persons who are in charge of the process of
collection and this is linked with the next point, which deals
with the individual’s participation in the process of data
collection.
 Seventhly, the individual should have the right to confirm
whether there is any data on him and whether such data is
pertinent or relevant to the purpose for which it is collected.
  He should also have the right to access any data dealing with
him at any time as may be convenient to him and such data
should be made completely available to him in a reasonable
manner and if the data collected is not entirely accurate he
should have the opportunity to point out the facilities that
may exist.

These then may be said to be the broad principles governing the

existence of the slightly ambiguous right to confidentiality.

The right to privacy has been held by the Hon’ble Supreme Court 1
as an integral part of the fundamental right to life under Article 21
of The Constitution of India. Privacy concerns exist wherever
uniquely identifiable data relating to a person or persons are
collected and stored, in digital form or otherwise. In some cases
these concerns refer to how data is collected, stored, and
associated. In other cases the issue is who is given access to
information. Other issues include whether an individual has any
ownership rights to data about them, and/or the right to view,
verify, and challenge that information
various types of personal information often come under privacy
concerns. For various reasons, individuals may not wish for
personal information such as their religion, sexual orientation,
political affiliations, or personal activities to be revealed.2

1
R. Rajagopal v. State of T.N. [(1994) 6 SCC 632]
2
http://astrealegal.com/right-of-privacy-in-the-light-of-cyber-law; 03/02/2014; 06:32 p.m
This may be to avoid discrimination, personal embarrassment, or
damage to one’s professional reputation.

Spamming, sending unsolicited mails and websites collecting

information about individual surfers and selling it off for
monetary considerations lead to violation of their privacy in
cyberspace.
Telephone – Tapping is a serious invasion of an individual’s
privacy. With the growth of highly sophisticated communication
technology, the right to a telephone conversation, in the privacy of
one’s home or office without interference, is increasingly
susceptible to abuse.3

There is no comprehensive legislation on privacy in our country.

As such it has been left to the Judiciary to interpret privacy within
existing legislations. On April 11, 2011, India’s Ministry of
Communications and Information Technology notified the
Information Technology (Reasonable security practices and
procedures and sensitive personal data or information) Rules,
2011 under the Information Technology Act, 2000. India now has
a privacy law, brought into force with immediate effect with wide
ramifications on the way companies will do business in India.
The firm is competent to deal with cases involving invasion of
privacy even in the absence of a suitable law governing this issue.

3
http://astrealegal.com/right-of-privacy-in-the-light-of-cyber-law; 08/02/2014; 12:45 p.m
The firm puts all its experience into use in handling cases arising
out of:

 Insecure electronic transmissions

 Data trails and logs of email messages
 Online transactions
 Tracking of web pages visited
 Phone tapping
 Spamming
 Unauthorized Access
 Identity theft

In this information technology era a special attention must be

paid to the privacy rights in India in the information age. We
believe that data protection requirements are essential part
of civil liberties protection in cyberspace. With the growing use of
information and communication technology (ICT), data
protection requirement has become very important. It would not
be wrong to assume privacy and data protection rights as integral
part of human rights protection in cyberspace.4

However, despite the importance of these fields, till now we lack

legal frameworks in the fields of data security, data protection
and privacy protection. We urgently need to formulate data
protection law in India and privacy laws in India.

4
http://perry4law.org/cecsrdi/?topic=privacy-rights-and-laws-in-india; 08/02/2014; 01:00 p.m
It is safe to assume that the privacy of individuals is certainly a
concern of the law. Taking this as a given, we can go on to
examine what the legal and policy response is and what it ought
to be. Fundamentally, there are various approaches that may be
taken:

 Legislation
 Self-Regulation
 Reliance on Trustworthy Third Parties who will set and
enforce standards
Most legal systems will be a mixture of these approaches,
something that can easily be seen in the US.

THE U.S POSITION

The Federal Trade Commission (FTC) has made a key role in the
development of the response of the US Federal Legal system to
the issue of information and data. In 1998, it brought out a report
called Privacy Online, which was a report to the Congress which
was the result of a three year privacy initiative. The report
recognised of four core principles:

1. Notice Principle:
Consumers must be given notice of an entities information
practices.
 2. Choice Principle:
They must have a choice with respect to use and
discrimination of information.

3. Access Principle:
Data provider should have access to current data.

4. Security Principle:
Consumers must have sufficient security from the data
collector.

DATA PROTECTION IN UK

The Data Protection Act, 1998 came into force recently, on the 1 st
of March, 2000. It lays down rules for processing personal
information and applies to paper records as well as those held on
computers. The Rules provide that anyone processing personal
data must comply with the eight enforceable principles of good
practice. That data must be:

 Fairly & lawfully processed

 Processed for limited purposes
 Adequate, relevant & not excessive
 Accurate
 Not kept longer than necessary
 Processed in accordance with the data subject’s rights
 Secure
 Not transferred to countries without adequate protection
PRIVACY UNDER INDIAN IT ACT, 2000 [section 72]

This provision deals only with information collected by a person

who secures the information in pursuance of powers that he/she
exercises under the act. When it comes to protection, TRUST is
an independent NPO and it was the first online privacy SEAL 5
programme. It provides a monitoring and oversight programme
and even a complaint procedure. It includes third party
monitoring and periodic reviews of licenses to ensure compliens
with programme requirement. TRUST examines and monitors
changes in licenses privacy statement and tracks unique
identifiers in their database to determine whether consumers
requests to remove themselves from the database.

Licensee must respond to all the reasonable enquiries within five

days. TRUST also plays a part in resolving consumer complaints.
It also provides for public reporting of complains and
inappropriate circumstances it will refer the cases to the
commission. In case of breach, imprisonment for a term is
sentenced which may extend to 2yrs and there is also a provision
of fine up to Rs. 100,000.

5
The online SEAL programme require these licenses to abide by course of online information practices and to
submit to various types of complaints, in order to display a SEAL on their website.
CONCLUSION
True, the right to privacy is recognised as inherent in the right to
life with dignity in Article 21 and the right to freedom of speech
and expression in Article 19. Neither of these can and should e
allowed to stand as an impediment in curbing activities
prejudicial to national security and interests. Not surprisingly,
both these rights contain express conditions when they may be
deprived.

At the same time, he balance cannot be allowed to tilt completely

to one side, so as to negate the basic liberties, even when not
absolutely essential. The only way out is a compromise between
the two extremes. The Supreme Court of India must expand
privacy rights in India as that is the need of hour.

However, in the ultimate analysis, it is the constitutional duty of

Indian Parliament to do the needful in this direction. Indian
Parliament must enact sound and effective privacy and data
protection laws for India as soon as possible.
BIBLIOGRAPHY

 Law Relating to Computers, Internet & E-commerce by Nandan

Kamath

 Referred to Notes given teacher

 http://perry4law.org/cecsrdi/?topic=privacy-rights-and-laws-in-

india

 http://cyberlawsinindia.blogspot.in/2011/04/draft-right-to-privacy-

bill-2011-of.html

 http://astrealegal.com/right-of-privacy-in-the-light-of-cyber-law