Privacy, a fundamental right under Article 21 of Constitution of India, 1950. Also a fundamental human entitlement enshrined in the Universal Declaration of Human Rights, necessitates safeguarding data privacy. During computer forensic examinations, it is imperative to exclude personal data unrelated to the subject under investigation.

While privacy protection is governed by laws in most countries in the physical realm, legislation governing private data handling exists in various jurisdictions. The widespread use of computers in the contemporary era results in vast amounts of private data, elevating expectations to uphold human rights in digital investigations. Nonetheless, a forensically robust model for safeguarding private data within digital investigations remains absent, posing a threat to privacy when such data processing occurs.

Data Privacy and Digital Forensic Investigation

There are various laws and guidelines of investigation but because of this new era of digitalisation, law is taking time to evaluate the basics for forensics in terms of Data Privacy. As it always happens innovation runs at 10x speed then the formation of required regulation and laws. Until 2023, there was no national specific Data Privacy Act but Privacy as a matter of fundamental right was already declared and recognised in the case of Justice K.S. Puttaswamy & Anr. vs. Union of India & Ors., also known as the Right to Privacy verdict, which is a landmark decision of the Supreme Court of India, which holds that the right to privacy is protected as a fundamental right under Articles 14, 19 and 21 of the Constitution of India.

Now since Digital Personal Data Protection Act, 2023 (DPDP Act) has came into effect but without the rules for proper guidelines, there is absence of robust framework or regulation for protecting the data privacy in digital forensics, for which we should ethically approach to Digital Forensic Investigations. Since Cyber-enabled crimes are escalating, prompting law enforcement to extend their detection efforts into the digital realm.

Consequently, the field of digital forensics has evolved significantly, enabling the discovery of extensive evidence crucial for prosecuting cyber criminals. Governments have also embraced the capability to monitor suspicious online activities. However, concerns regarding the ethics and fairness of unrestrained investigations persist on multiple levels.

For example, at the organizational level, unrestricted investigations may impede and harm an organization's right to control the disclosure of its intellectual property. At the individual level, forensic investigations risk violating the legal privacy rights of those under scrutiny. Societally, there is apprehension about the perceived inequality in current investigative practices.

Law in India for Forensics

Before delving on the impact of data privacy, we should understand the Admissibility of Forensic Science and Evidence in India which falls under Sections 45 and 46 of the Indian Evidence Act 1872 which outline the criteria for admitting forensic reports in court proceedings. These sections encompass the following key points:

1. The court may call upon skilled experts possessing technical and practical knowledge relevant to the case whenever it deems it essential.
2. The court will give weight to reports provided by officials or experts who have reached their conclusions through meticulous procedures conducted in good faith.
3. Evidence deemed inconsequential by the court but deemed relevant by the expert's assessment will be granted significance based on the expert's opinion.

But a forensically robust model for safeguarding private data within digital investigations under Indian Laws remains absent, posing a threat to privacy when such data processing occurs. Also, we have discussed the issue mentioned above which clearly shows the need to ethically approach the digital forensic investigations that respects both individual privacy rights and organizational intellectual property disclosure rights, while also addressing the needs of law enforcement.

The proposed approach aims to mitigate potential injustices and restore equality among stakeholders in the digital forensics arena. This approach offers a basis for re-evaluating the balance between the demands of digital forensic investigators and the expectations and rights of individuals and organizations.

Impact of Data privacy on forensic procedures

Since data privacy legislation like DPDP Act 2023 or GDPR greatly influences forensic practices, particularly in the realms of data gathering, retention, and examination. For legal professionals, it's vital to assess the legal ramifications of data privacy within forensic inquiries.

1. Legal Landscape: Start by comprehending the pertinent data privacy statutes and guidelines within your jurisdiction. These regulations often dictate the procedures for gathering, storing, and scrutinizing digital evidence. For instance, the General Data Protection Regulation (GDPR) or Digital Personal Data Protection Act, 2023 mandates stringent criteria for handling personal data like legitimate grounds for processing the personal data or their retention.
    
2. Consent and Authorization: Securing consent or authorization for digital evidence collection and analysis is frequently imperative to ensure alignment with data privacy statutes. This might involve obtaining consent from individuals whose data is under scrutiny or obtaining legal authorization such as a court order or warrant.
    
3. Data Minimization: Adherence to data privacy laws typically requires the collection and analysis of only essential data in forensic investigations. For example logs, etc. This principle, safeguards individuals' privacy rights and diminishes the risk of personal data misuse.
    
4. Data Security: Upholding the security of digital evidence is paramount for compliance with data privacy regulations. This entails implementing robust encryption, access controls, and data retention policies to safeguard the confidentiality and integrity of evidence.
    
5. Cross-Border Data Transfers: When digital evidence necessitates cross-border transfer for analysis, it's crucial to consider the legal ramifications of international data transfers. Data privacy laws may restrict the transfer of personal data to countries lacking adequate data protection measures.
    
6. Compliance and Reporting: Thorough documentation and reporting of compliance with data privacy laws throughout the forensic process are essential. This involves maintaining detailed records of data collection, storage, and analysis, and promptly reporting any data breaches or incidents to relevant authorities.

Therefore data privacy exerts a significant influence on forensic procedures, necessitating a thorough understanding of legal intricacies to ensure the lawful and ethical collection and analysis of digital evidence. Also, from a forensic perspective, even the GDPR does not expressly forbid conducting investigations. In fact, there are specific clauses within it that authorize data collection and retention for investigative and legal reasons.

Additional Rules that needs to take care of in forensics

It is also important to keep in mind the following basic rules governing Forensics & Digital Evidence besides data privacy impact to safeguard our side:

• 1st Rule: Investigators must refrain from actions that could alter data on seized devices, as any changes may jeopardize the authenticity of the evidence in court.
• 2nd Rule: Any authorized individual conducting investigations directly from the original data source must possess both legal and technical competence. They must also be capable of later explaining the significance and outcomes of their actions when presenting evidence.
• 3rd Rule: The entire process of collecting, preserving, and presenting digital evidence must maintain a transparent chain of custody and audit trail. Furthermore, an impartial third party should be able to replicate the procedures and obtain identical results.
• 4th Rule: The lead investigator bears the responsibility of ensuring compliance with the aforementioned rules, as well as adherence to technical protocols and legal requirements.

Chain of Custody: This refers to the meticulous documentation of the chronological sequence detailing the handling, transfer, analysis, and disposition of physical or electronic evidence.According to the third rule of forensic and digital evidence, it is imperative to maintain continuity and traceability throughout the entire chain of custody. To achieve this, the investigating officer must maintain a detailed logbook, recording every event meticulously. This documentation should encompass not only the seizure of articles but also all software activities, including program executions, removals, and additions of hardware. The chain of custody must remain continuous and unbroken.

Conclusion
The discourse underscores the paramount importance of privacy rights in both national and international legal frameworks. As delineated in the Constitution of India and the Universal Declaration of Human Rights, privacy is a fundamental entitlement that demands robust protection, particularly in the digital age. While laws and regulations are evolving to address data privacy concerns, there remains a notable gap in the domain of digital forensic investigations. The absence of a comprehensive framework for safeguarding privacy in digital forensics poses challenges, including potential violations of individual rights and organizational intellectual property.

However, progress is being made. The Right to Privacy verdict in India and legislation such as the Digital Personal Data Protection Act, 2023, signal steps towards enhancing privacy protections. Additionally, ethical considerations are gaining prominence, urging stakeholders to adopt a balanced approach that respects both investigative imperatives and privacy rights. Moving forward, it is imperative for legal professionals and forensic investigators to navigate the complexities of data privacy laws and ethical principles.

By adhering to legal requirements, implementing robust security measures, and upholding transparency and accountability in investigations, stakeholders can mitigate risks and uphold the integrity of digital forensic practices. Ultimately, a harmonious alignment between investigative needs and privacy rights is essential to ensure fairness, accountability, and trust in the digital forensic process. As technology continues to evolve and legal frameworks adapt, it is incumbent upon stakeholders to remain vigilant and proactive in addressing emerging challenges and upholding fundamental rights in the digital realm.

References:

• https://medium.com/@eastafricatechsolutions/data-privacy-rights-protection-in-digital-forensics-investigations-3b8324eaf8a7
• https://blog.ipleaders.in/forensic-law-jurisprudence/
• https://www.sciencedirect.com/science/article/pii/S2666281720300263
• https://lup.lub.lu.se/luur/download?func=downloadFile&recordOId=8938272&fileOId=8948560
•  Book named as "Cyber Crime (First) Response Guide" by Anuj Agarwal
• Indian Evidence Act, 1872

Award Winning Article Is Written By: Mr.Suvrat Jain

Authentication No: JN454289959394-24-0624