PRIVACY AND DATA PROTECTION

A SYSTEMATIC REVIEW OVER DIGITAL PRIVACY: MYTH OR REALITY

Author:
Milane Parekh
BBA.LL.B. (Hons),
Saveetha School of Law,
Saveetha Institute of Medical and Technical Sciences (SIMATS),
Chennai- 600 077.
Email: milaneparekh2602@gmail.com
Phone: 9940666135

Co-Author:
Yash Bafna
BBA.LL.B. (Hons),
Saveetha School of Law,
Saveetha Institute of Medical and Technical Sciences (SIMATS),
Chennai- 600 077.
Email: pyashbafna2003@gmail.com
Phone: 9500111713
 A SYSTEMATIC REVIEW OVER DIGITAL PRIVACY: MYTH OR REALITY

ABSTRACT :
Milane Parekh1
Yash Bafna2

This paper systematically reviews the issues associated with digital privacy. The protection of
a person's information that is utilised or created when surfing the Internet is referred to as
digital privacy. In theory, privacy is easily defined, but in practice, it is more difficult. Our
online experience has been drastically changed by ongoing technological advancements. We
now use the internet for more than simply work and study; we also use it to shop, explore,
connect, and express ourselves. We inadvertently share copious amounts of confidential
information over unsecured networks that are eventually looted across the world. As a result,
all the information about who we are and our way of life has been compromised. This paper
aims to understand how privacy has become an illusion in this rapidly evolving technological
age. It further analyses if people are aware of their status of privacy on digital platforms. The
youth are the subject of the article since they are the age group that uses the internet and other
digital platforms the most frequently. They tend to share a lot of information about
themselves because they are frequent users, which leaves them open to potential threats. In
order to determine whether privacy is a genuine worry for individuals and, if so, whether it
exists, the author analyses and evaluates data collected from the general public. Concern over
privacy on the internet, which holds a variety of information, has increased due to an increase
in cybercrime. This makes the present research paper, which examines the privacy protection
offered over the digital space. The study does make a few recommendations for
implementation to lessen privacy violations and improve data protection while remaining
optimistic about the subject.

KEYWORDS: Privacy, Digital, Internet, Cybercrime, Personal Information

1
Milane Parekh, BBA.LL.B. (Hons), Saveetha School of Law, Saveetha Institute of Medical and Technical
Sciences (SIMATS), Chennai- 600 077. Email: milaneparekh2602@gmail.com, Phone: 9940666135
2
Yash Bafna, BBA.LL.B. (Hons), Saveetha School of Law, Saveetha Institute of Medical and Technical
Sciences (SIMATS), Chennai- 600 077. Email: pyashbafna2003@gmail.com, Phone: 9500111713
 1. INTRODUCTION

Privacy is something that shouldn't interfere with other people's interests. Due to
technological innovation, privacy is now a concern for everyone, and it also places a strong
emphasis on data protection. Privacy can refer to both personally identifying information
(PII) and non-personally identifying information (non-PII), such as online user activity. Any
data that can be used to identify an individual is referred to as PII. For instance, age and
physical address by themselves could reveal a person's identity without explicitly revealing
their name because these two characteristics are often sufficient to do so. Internet privacy
refers to the requirement or right of individual privacy with regard to the online collection,
use, distribution, and display of one's own information. Data privacy includes internet
privacy. In recent years, tradeoffs between giving up this protection from one standpoint and
gaining a few advantages from another have made informational privacy a fiercely contested
aspect of security. Advances in information technology have raised concerns about
information privacy and its impacts, and have motivated an increasing number of people to
use the Internet, in many instances unaware of the information being collected about them. In
contrast, other people concerned about privacy and security issues are limiting their use of the
internet, such as abstaining from purchasing products online or avoiding the use of social
media. The economy has advanced thanks to modernization, industrialization, and the
appearance of innovation, but this has also led to an increase in fraud and crime rates.
Numerous ethical and legal issues, such as the violation of the right to privacy, have been
brought about by this paradigm shift. All transactions are now completed online in today's
high-tech society. Online sharing of private information has increased the risk of people
falling victim to social evils. With advancements in coding, anyone may easily hack into
accounts to recover private, important information and archives. When one is scrolling
through your go-to social media app, they are physically alone. However, they are also
“watched or interrupted by other people.” While they may not be in the same room, they are
still a number on a screen for someone. On top of that, they are constantly interrupted by ads
that interfere with your videos, articles, and browsing. Although this situation may feel
private, it is not. 3We can look at our personal data as something hackers either directly
exploit or use as soon as they get a hold of it. It’s also something they can trade with other
cybercriminal organisations. So, personal data is commoditized. It has a price.

3
Bogdan Botezatu (Director of Threat Research and Reporting, Bitdefender)
Your medical data, your financial history, your credit card data, your online shopping
preferences have a price. There are two ways people usually find out their information was
exposed online. They either read the news and discover that a service provider or a company
they use has been breached and some of their personal information may have been leaked
online. Or, if it doesn’t make the news, they sometimes get an email from the breached
company notifying them that Hey, there’s been a breach. Your personal information may
have been affected.”4 The information we have might be trivial for us. We all know where we
live, what our date of birth is, what shopping history we have and so on. But aggregated, this
information depicts a very, very complex and accurate overview of what our lives look like.
And most of the time, we cannot revoke the access we have already granted to
organisations.”5 Privacy is not a new concept. It existed before the era of the current
telecommunications networks and technologies6. Privacy is a natural action or reaction
of individuals as one of their rights in public. For example, sealing an envelope or closing
the door reminds us of privacy. The evolving and rapid advancement of new
technologies such as the telecommunication networks and in particular, the Internet,
especially, after Berners-Lee presented a project in 1991 to permit links to be created
to any information anywhere, are known today as the “WorldWideWeb (WWW)”7.
The use of the Internet has increased rapidly. The Internet is now considered a part of our
daily lives. The privacy concerns of Internet users have increased and the signs of these
concerns started to appear from the middle of the 1990s after the commercial
development of the WWW browser in 1994. This paper is going to present the meaning of
privacy and the implications of it for Internet users. Also, this paper will demonstrate
some of the issues that are presented in the literature, as well as exploring different
authors’ perspectives on Internet and Privacy concerns, because this concept is linked
with several dimensions such as the personal body, personal behaviour and currently,
personal communications and personal information. These dimensions are governed by
certain laws and policies which form the dimensions based on these laws and policy
legislations. There are several aspects of privacy, privacy issues associated with the
use of the Internet are most likely appointed under communications privacy, involving the
user of the Internet’s personal information and activities, and the disclosure of them
online (Paine et al., 2006a).

4
Liviu Arsene (Senior E-Threat Analyst, Bitdefender)
5
Bogdan Botezatu (Director of Threat Research and Reporting, Bitdefender)
6
Tavani, 1999
7
Rhyno, 2003)
Pew Research Institute study from this summer revealed that 86 percent of Americans have
taken action to maintain anonymity online — deleting cookies, encrypting email and/or
protecting their IP address. Another telling metric from that report states that 50 percent of
Internet users say they are worried about the information available about them online, up
from 33 percent in 2009.

Additionally, an AnchorFree study from June 2013 that polled 1,200 U.S. and U.K. college
students revealed similar sentiments with 82 percent responding that they were concerned
about keeping their data private. Those are important developments indicative of a changing
tide in attitudes toward online privacy.

But everyone needs to do even more. A recent Verizon study of global law enforcement data
found that data breaches have more than doubled since 2009. Cyber fraud perpetrated against
individuals is growing at 15 to20 percent a year, according to the FTC.

2. OBJECTIVES

a. To analyse if privacy really does exist in digital space.

b. To examine how privacy has become an illusion in this rapidly evolving
technological age.
c. To understand if people are aware of their status of privacy on digital
platforms

3. PRESENT LEGISLATIONS

a. Article 21

The Indian Constitution's Article 21 establishes the basis for the many rights granted to its
citizens and has extreme significance in a free and democratic society. It is one of the Indian
Constitution's most organic and progressive provisions, serving as the cornerstone upon
which all other laws in our nation are based. In Article 21 and other international human
rights documents, the right to privacy is recognised as a fundamental component of upholding
human dignity and as a fundamental, inalienable right that is essential to all people. In the
case of Justice K.S. Puttaswamy (Retd) vs Union of India, the Supreme Court expanded the
purview of Article 21 and said that the Right to Life and Liberty, as stated in Article 21, also
included the right to privacy. Since Article 21 falls under Part III of the Indian Constitution,
which deals with fundamental rights, the right to privacy thus automatically became a
fundamental right after the judgement. Since then, the right to privacy has been a
fundamental right in India.

b. Information Technology Act, 2000

The main legislation governing digital privacy in India is the Information Technology Act,
2000 and the Information Technology (Reasonable security practices and procedures and
sensitive personal data or information) Rules, 2011.

The Information Technology Act (IT Act) is a broad-based legislation that covers a wide
range of issues related to the use of information technology in India. It addresses various
aspects of electronic commerce, including the legal recognition of electronic contracts and
documents, the liability of intermediaries for third-party content, and the regulation of
cybercrimes.

The IT Act defines the rights and obligations of "body corporates" (i.e., companies) handling
personal data. It requires them to implement reasonable security practices and procedures to
protect personal data, and to obtain the prior consent of the individual before collecting
sensitive personal data. It also gives individuals the right to access and correct their personal
data and sensitive personal data that is being held by a body corporate8.

The Information Technology (Reasonable security practices and procedures and sensitive
personal data or information) Rules, 2011 (the "IT Rules") were notified by the Indian
government in April 2011 to further clarify and expand upon the provisions of the IT Act
related to data protection and privacy. The IT Rules define what constitutes sensitive personal
data, and set out the conditions under which such data can be collected, used, and disclosed.
They also provide for the appointment of a "Privacy Officer" by body corporates to ensure
compliance with the IT Act and the IT Rules.

8
The IT Act, sec.43, 2000.
 c. Data Protection under Indian Penal Code 1860

Criminal laws in India are related to the area of data protection and privacy. The Indian Penal
Code 1860 ("IPC") provisions can be applied as a practical tool to penalise data thieves. Data
infringement and data theft are not specifically mentioned in the IPC's rules on property
crimes, which include dishonest misappropriation, theft, and criminal breach of trust. The
definition of theft and associated penalties are provided by Sections 378 and 379 of the IPC,
respectively.

To constitute a theft, there should be dishonest intention, presence of movable property,

taking the possession of a movable property without consent, and moving the property to
complete its taking. If we analyse the notion of data infringement or data theft, factors that
are defined as theft in the IPC are present in it. The definition of "movable property" under
Section 22 of the IPC states that it includes corporeal property, with the exception of land and
items affixed to or permanently fastened to anything attached to the earth. Although data is an
immovable asset, it might fall under the purview of Section 378 of the IPC if it is transferred
and stored on a CD, floppy disc, pen drive, or hard drive, and if it is stolen. In contrast, when
electronic material is delivered by intangible means like email and cloud drives, it cannot be
considered stealing. Similarly, Section 403 of IPC defining dishonest misappropriation of
movable property can also be made applicable to data theft, subject to amendment of
provisions to include assets that are immovable and intangible.

Data theft can even be covered under Section 405 read along with Section 406, which
describe criminal breach of trust and associated penalties, respectively. A criminal breach of
trust is when property is dishonestly converted, misappropriated, used, or disposed of in
violation of a contract or other agreement. Data is included in the scope of this clause since it
uses the word "property" and not "movable property" expressly.

4. PRIVACY - A BIGGER DEAL!

To do something about your online privacy, you first have to believe it is worth it.
Everything from how technology develops to how this development affects your personal
safety and security involves online privacy. Doxing, harassment, extortion, and swatting are
some of the actual, "offline" risks that poor online privacy creates. We can think of our
personal information as something that hackers either utilise right away or directly exploit.
Additionally, they can trade it with other cybercriminal groups. Personal data is now a
commodity. It has a price. Your medical information, financial background, credit card
information, and internet shopping preferences all have a cost.9 In his paper he analysed that
internet privacy is important because it gives you control over your identity and personal
information. Without that control, anyone with the intention and means can manipulate your
identity to serve their goals, whether it is selling you a more expensive vacation or stealing
your savings.10

The browser is probably the app you use the most on your devices - consciously or not. Each
time you open a link or run an online search, your default browser is one of the main ways
you connect to the Internet. You may even have let it remember your passwords.
Cyber-criminals know that too! And they’re going after everything in it through malicious
extensions, infected ads, links that lead to scam websites, and a lot more. Security and
privacy risks usually come as a combo. Besides cyber-crooks and scammers, companies can
also build an accurate profile of you based on your browser history. There are two ways
people usually find out their information was exposed online. They either read the news and
discover that a service provider or a company they use has been breached and some of their
personal information may have been leaked online. Or, if it doesn’t make the news, they
sometimes get an email from the breached company notifying them that, Hey, there’s been a
breach. Your personal information may have been affected.” 11

Your online privacy has everything to do with your security on and off the Internet. Relying
on default settings for everything and using the simplest passwords you can set makes you an
easy target for cyber criminals.

Malicious hackers combine their tech skills with psychological manipulation to exploit your
habits and preferences so that you will click, tap, download, and open their traps. They bait

9
Liviu Arsene (Senior E-Threat Analyst, Bitdefender)
10
Michael Onugha, Bournemouth University
11
Liviu Arsene (Senior E-Threat Analyst, Bitdefender)
you into opening deceiving emails (phishing), taping links in misleading messages on your
phone (smishing), or even providing personal data in fake phone calls (vishing). Their attacks
almost always include malicious software designed to capture everything you type on your
device (keyloggers) and collect your usernames and passwords. They will later use them
against you to steal your money, access confidential information, or simply make your life
hell.

The information we have might be trivial for us. We all know where we live, what our date of
birth is, what shopping history we have and so on. But aggregated, this information depicts a
very, very complex and accurate overview of what our lives look like. And most of the time,
we cannot revoke the access we have already granted to organisations.12

Internet security is not only a matter of concern for regular citizens, but also to companies
and governments all over the world. That’s because in this Digital Age, catching crooks or
spies is harder than ever before. And with technology changing constantly, regular antivirus
apps are many times not efficient enough to protect us.

Cyberbullying or cyber harassment enables users to abuse others by using electronic means,
and most of the times, by taking advantage of online anonymity. Bullying can include
anything from spreading rumours, making sarcastic, sexual or mean remarks, threatening and
so on.

The consequences of cyber harassment can be highly damaging and upsetting, and many
times they can lead to serious, long lasting results.

5. PRIVACY IS A MYTH - A REALITY CHECK.

Our privacy has been invaded by all digital means, which are used on a daily basis. This
could be understood by taking two most commonly used platforms, Whatsapp and Google,
which are a major source for various third parties for our private information.

a. Whatsapp

12
Bogdan Botezatu (Director of Threat Research and Reporting, Bitdefender)
Whatsapp is a messaging platform, which allows its users to send text and voice messages,
make voice and video calls, and share images, documents, user locations, and other content.
A Special Leave Petition was filed by Sareen, which argues that the WhatsApp Privacy
Policy violates Section 72 of the Information Technology Act. Section 72 is a provision
penalising breach of confidentiality and privacy. The petitioners claim that since WhatsApp
has been sharing such information, it is in direct contravention of this section. It is alleged
that WhatsApp is also violating the Information Technology (Reasonable security practices
and procedures and sensitive personal data or information) Rules, 2011, which mandate full
and true disclosures with respect to Privacy Policies. At last, since WhatsApp is sharing
personal user information with Meta companies, it is in violation of the Right to Privacy
which is now a fundamental right within the ambit of Article 21.

The updated policy also mentions collecting IP addresses, and other information like phone
numbers and area codes are likely to point to the location of the user even if the location data
is explicitly not collected. The biggest worry is that as part of the new policy, WhatsApp may
start processing payment/transactional information of its users, and it includes the transaction
amount, shipping details, amongst others.

Every ‘free’ mobile phone application comes with a heavy price — the applications not only
learn your preferences, location, usage patterns and other applications you use, but many can
also mine personal data if it's malware or spyware.

b. Google
Google provides a wide range of services which includes search engine technology, online
advertising, cloud computing, computer software, quantum computing, e-commerce, artificial
intelligence, and consumer electronics. Google collects data about how its user uses its
devices, apps, and services. This ranges from your browsing behaviour, Gmail and YouTube
activity, location history, Google searches, online purchases, and more. Basically, anything
that’s connected to Google is likely used to collect data on the user’s activity and preferences.

With all the data Google gathers across all of its platforms, services, products, and devices, it
builds a detailed advertising profile, including your gender, age range, job industry, and
interests. This helps them use targeted advertising to serve Google ads.
Google does use private data to help advertisers and third parties show people relevant and
targeted ads in Google products, on partner websites, and in mobile apps. According to the
Google Safety Center, they might use information without identifying personally, including
the user’s Google searches, location history, websites and apps you use, videos or ads you’ve
seen, and other personal data like your age or gender.

6. Privacy A Losing game!

People have taken their privacy for granted, which is resulting in invasion of their privacy,
paving way to other atrocious activities. India remains synonymous with data breaches.
Recently, cybersecurity’s data monitoring firm Surfshark revealed that 1 out of 5 Indians had
been affected by data breaches (19 for every 100 people) from 2004 to Q4 FY22. India is the
fourth country to have the highest number of data point leaks. The study revealed that 738k
Indian accounts have been breached till now.

Recently, India’s government platform for connecting with its overseas population, Global
Pravasi Rishta Portal, leaked sensitive information like names, phones, passport numbers and
email addresses. The list goes on and on.

Since 2004, India has had over one billion data leaks, with an average of 4 data leaks per
hacked account. Since 2004, 51.8 billion data points—of which 15.5 billion were email
addresses—have been exposed. Each email address is exposed to 2.3 extra data points on
average.

Since the beginning of 2020, 2.5 billion accounts have been affected, accounting for 16.2% of
all worldwide breaches that have occurred since 2004. Every year, 11 out of 100 people
worldwide are affected. Breach rates, however, have decreased since the fourth quarter of
2020. As a result, the number of Indian data breaches decreased from 13,688,077 to 738,361.

One of India’s most leaked data points is passwords. Statistically, since 2004, for every ten
Indian online accounts, five passwords have been leaked. India ranks second in Asia and
sixth globally based on the breach count since 2004 (265.4M compromised internet users).
Accounts from Vietnam, Iraq, and America have been compromised with the most data
points.
 7. SUGGESTION AND CONCLUSION

Privacy is such a crucial aspect of life, thus it needs to be preserved and protected. In this
digital age people are to be believed that their data and privacy is protected but it is equally
vulnerable. Some people might be aware, but they do not have any solution for it. The
Internet is amazing and when used in the right way, it has the ability to broaden horizons, and
ignite creativity the world over. However, a good amount of people do not know that no one
can guarantee us both privacy, and security. In today's time, privacy is a myth, being just an
illusion, in reality, it is a separate scenario, wherein anyone could easily barge in. It is a losing
game in both perspective, individual and legal. The usage of electronic data has largely
supplanted the use of physical documents in this digital age. Additionally, there has been a
significant movement toward the e-model of working throughout this corona pandemic. The
most recent introductions are e-governance and e-court. Universities, businesses, and other
institutions operate online. There is more electronic data being produced by this new virtual
working style. It is essential to expressly and explicitly include "data" and "offences linked to
data" in the IPC's Chapter XVII definition of "property" and "offenders against property."