Harm acts as a key barrier in privacy cases in various ways. It is a crucial element in many legal claims. However, courts often fail to recognize privacy harms unless they involve concrete financial or physical damage. Privacy harms are usually intangible, and courts handle these inconsistently and in a disorganized manner. Many privacies violations stem from broken promises or unmet expectations regarding the collection, use, and disclosure of personal data.

The immediate consequences of these actions are often unclear. Other violations include overwhelming individuals with unwanted ads or email spam. Additionally, people's data may be shared with third parties who might misuse it, though the specifics of this misuse are uncertain.

For many privacy harms, the impact might seem minor when viewed individually, such as the annoyance of receiving unwanted emails or ads, or the disappointment of data being shared without consent. However, when hundreds or thousands of companies engage in these practices, the harm accumulates.

These small harms are spread across millions or even billions of people. Over time, as individuals experience numerous minor harms, the overall societal impact becomes significant. Nevertheless, these types of injuries do not align well with judicial concepts of harm, which tend to be individualistic and prioritize immediate, tangible physical and financial injuries.

The designated article focuses on tortious harm caused due to privacy violations and legal recourse available to the aggrieved person in Indian context and international context.

Introduction to concept of right to privacy

The legal concept of the right to privacy is relatively new. It originated from a law review article published in December 1890 by two young lawyers from Boston, Samuel Warren and Louis Brandeis. Roscoe Pound remarked that this article essentially contributed a new chapter to our legal framework. With due reference to the Black's Law Dictionary defines privacy "the right that determines non-intervention in secret surveillance and protecting an individual's information.

It is of four categories. First, physical: an imposition whereby another individual is restricted from experiencing an individual or situation. Second, decisional: the imposition of an exclusive restriction on an entity. Third, informational: the prevention of searching for unknown information. Fourth, dispositional: the prevention of attempts made to know the minds of individuals".

The early recognition to right to privacy was given in a case of [1]Roberson V Rochester Folding Box Co by New York High Court . In this case an advertisement for Franklin Mills Flour had used a lithograph of Abigail Roberson without her consent. Roberson filed a lawsuit, claiming that she had been deeply humiliated by the mocking and ridicule of those who recognized her in the advertisement, damaging her reputation and causing significant emotional and physical distress. However, the court dismissed her claim, stating that there was no legal precedent for such a case in their prior decisions.

The court also asserted that establishing such a legal action was the responsibility of the legislature, as the courts did not have the authority to create new laws. This decision received many controversies from various legal journal and magazine but one year after this decision New York enacted a law regarding legal procedure for invasion of privacy.

Types of Harms

Physical harms
Privacy violations can result in physical harm, which includes bodily injury or death. These harms are widely acknowledged and are legally recognizable. . Unauthorized dissemination of personal information can facilitate opportunities for physical violence. For instance, model and actress Rebecca Schaeffer was murdered after a stalker acquired her home address from a private investigator who retrieved it from California motor vehicle records.

Economic harms
Economic harms encompass monetary losses or a decrease in the value of an asset. Privacy violations can lead to financial losses that the law has long recognized as legitimate harms. Even minor economic harms are considered valid by courts. In identity theft cases, plaintiffs can demonstrate harm when thieves use stolen personal data to make fraudulent transactions in their names.

Reputation harms
Reputational harms refer to damage to an individual's reputation and social standing. Privacy violations can cause such injuries, which have long been acknowledged. These harms diminish a person's "personal esteem in the eyes of others" and can tarnish their reputation.

Physiological Harms
Psychological harms encompass various negative mental reactions, including anxiety, anguish, concern, irritation, disruption, or aggravation. While privacy violations can trigger a broad spectrum of emotions, most of these reactions can generally be classified into two main categories: emotional distress or disturbance.

Emotional distress
One of the most prevalent harms resulting from privacy violations is emotional distress. This type of distress covers a broad spectrum of emotions, including annoyance, frustration, fear, embarrassment, anger, and varying levels of anxiety. The effect of emotional harm varies based on the specific emotion experienced. Fear, in particular, can be extremely detrimental due to its influence on individuals' life decisions.

Citron has documented the severe impact that fear has had on women subjected to impersonation, doxing, nude photo leaks, and online threats. Privacy violations can lead to emotional distress that hinders a person's life similarly to some physical injuries. The emotional burden of identity theft, for instance, can negatively impact victims' professional and personal relationships.

Disturbance
Disturbance refers to unwanted interruptions that disrupt tranquillity, interfere with activities, consume time, and generally serve as nuisances. Many courts have determined that unsolicited phone calls and text messages violating the TCPA are sufficient grounds for standing. As one court noted, the harm includes "wasting the consumer's time" and causing "interruption and distraction."

Right to privacy in Indian context

The initial development in the aspect of privacy was the case law of [2]Kharak Singh V State of Uttar Pradesh. In this case, the appellant faced harassment by the police under Regulation 236(b) of the UP Police Regulations, which allowed for night-time domiciliary visits. The Supreme Court ruled that Regulation 236 was unconstitutional and violated Article 21 of constitution of India.

The court concluded that Article 21 includes the "right to privacy" as part of the right to "protection of life and personal liberty." Justice Subba Rao equated personal liberty with privacy, noting that the concept of liberty in Article 21 was broad enough to encompass privacy. He observed that a person's home, where they live with their family, is their castle, and nothing is more detrimental to an individual's physical happiness and health than calculated interference with their right to privacy.

In the case of [3]R. Rajgopal v. State of T.N., Justice B.P. Jeevan Reddy noted that the right to privacy is inherently part of the right to life and personal liberty, and it encompasses the "right to be let alone." This means that individuals have the right to protect the privacy of their personal matters, such as family, marriage, procreation, motherhood, childbearing, and education. No one can publish information about these matters without the individual's consent, whether the information is true or false, or whether it is positive or negative. Doing so would violate the individual's right to privacy.

In [4]People's Union for Civil Liberties v. Union of India, the court ruled that government telephone tapping under the Telegraph Act constitutes a violation of Article 21. The court stated that if the facts of a case pertain to privacy, Article 21 can be invoked, as privacy is integral to the right to life and personal liberty. This right can only be infringed upon through a procedure established by law.

But the watershed moment which happened in privacy was the judgement of [5]KS Puttaswamy V Union of India. In this case supreme court of India acknowledged the 'right to privacy' as a fundamental right under article 21. The law which governs the privacy is [6]digital personal data protection bill, 2023. This act defined data protection authorities, punishment for invasion of data and defines the legal framework in case of breach of data.

Right to privacy in international context

The first legal framework which introduced the concept of right to privacy to whole world was UDHR [Universal Declaration of Human Rights] in article 12 of it's constitution which sates that "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation". Everyone has the right to the protection of the law against such interference or attacks.

Later, in 1966 ICCPR [International convent on civil and political rights] adopted right to privacy in article 17. The landmark decision on this aspect was delivered by Court of Justice of European Union [CJEU] in the case of [7]Schrems V Data Protection Commissioner. This case arose from a complaint against Facebook filed with the Irish Data Protection Commissioner (IDPC).

The complainant, Schrems, objected to Facebook transferring his data to the United States, citing Facebook USA's alleged involvement in the PRISM mass surveillance program. The Court of Justice of the European Union (CJEU) invalidated the Safe Harbor arrangement, which regulated data collection and transfer between the EU and the US. Schrems' complaint was grounded in EU data protection law, which prohibits data transfers to non-EU countries unless the transferring company can ensure adequate protection.

The Court determined that the necessary protection was not in place as required by EU data protection law and declared the Safe Harbor agreement invalid. The Court further noted that legislation allowing public authorities to access electronic communications content on a generalized basis compromises the essence of the fundamental rights guaranteed by Article 7 of the Charter of Fundamental Rights of the European Union.

From time to time many countries and legal systems of the world have adopted the approach as shown by CJEU and UDHR. US Supreme Court applied the same rule in case of [8]Pietrylo V Hillstone Restaurant Group, an employee created a private, invitation-only group on Myspace to express frustrations with their employer. A manager obtained the password to this private account, leading the group's creator to file a lawsuit for invasion of privacy. The Court ruled in favour of the plaintiff, citing that the group was intended to be private, accessible only by invitation, with each member using a unique username and password.

Conclusion
Tortious liability from emotional harm due to privacy violations is an issue that is becoming apparent in our day to day lives. As technology is steadily becoming a vital element in our daily activities, we must not forget the risks that are attached with it. So, protection of privacy become very crucial . Past few years court have given many judgements and many new laws have been amended on this topic in all of the world. There should be a proper balance between free flow of information and individual privacy.

The recent judgement and new laws indicate new trend toward the protection of personal information against the intrusive policies of big corporate houses and individual persons. The present lawmakers, businessman needs to be more vigilant of the consequences of leaking of the data. Preventive measures such as well updated privacy laws, uniform data protection equipment and providing data transparency are all the major issues that government of all countries should have focus.

To guarantee that justice is done and people right are properly protected in this digital age the legal framework which is governing the topic of tortious liability of emotional harm due to privacy violations must change along with the latest developing trends in the world and should be able to rectify itself .

References

1. George Washington Law University (2006), https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2076&context=faculty_publications
2. Boston University Law Review, Volume 102:793, https://www.bu.edu/bulawreview/files/2022/04/CITRON-SOLOVE.pdf
3. Columbia Law Review, Volume 114:789 https://columbialawreview.org/wp-content/uploads/2016/04/May-2014-7-Article-Volokh.pdf
4. University of Bristol (2015), https://research-information.bris.ac.uk/ws/portalfiles/portal/55674339/A_Common_Law_Tort_of_Privacy_final_.pdf
5. Pump Court Chambers (2020), https://www.pumpcourtchambers.com/2020/07/23/misuse-of-private-information-a-tort-in-its-infancy/
6. UNSW Law research series (2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3630004

Foot-Notes:

1. 171 N.Y. 538 (N.Y. 1902)
2. 1963 AIR 1295
3. 1995 AIR 264
4. AIR 1997 SC 568
5. AIR 2017 SC 4161
6. Digital personal data protection bill, Act no 22 of 2023, Acts of parliament (India)
7. C-362/14
8. c06-5754 (FSH)