Privacy is a critical element for the development of human personalities. Previously, man owned personal property such as land and a house. As a result, his privacy was tied to his own property. The threat to his privacy came from the government, which has the authority to search and seize, as well as private individuals who trespassed on the land.

However, as science and technology have advanced, people's lives have become increasingly monitored by society. The means of communication, particularly the media--both printed and electronic--have also contributed to the invasion of an individual's privacy. Personal information about the individual is revealed to society that was not intended to be disclosed. A person want to control the dissemination of his personal information in general. So the focus of privacy gradually shifted from property to personal information.

The researcher has extensively discussed this shift in the research. With the increased use of information technology and computers, service providers collect personal information about individuals. This personal information is illegally utilized for commercial purposes. As a result, an individual's privacy is violated, encroached upon, and invaded. In the present age of information revolution, a person's informational privacy is violated. The ramifications of this invasion may result in the loss of both legal and human rights.

It is important to evaluate how technology advancements have altered the reach of legal requirements. The protection offered by legal provisions is quickly rendered insufficient as a result of technological advancements that alter the character or use of technology. Progressive technical advancements frequently limit the reach of existing legal protections. In the modern period, technological technology has had an unparalleled impact on the law.

Introduction
Over the ages, the idea of privacy has changed and grown. Over the last few centuries, there has been a shift in the definition of privacy from property to person, with the most recent addition of data and information. In Latin, privacy was originally known as "Privatus." In Latin, it is essentially the adjective "privus." "Single" is the archaic meaning of it. It is then employed as "one's own" later on in time. The concept of ownership has evolved from that of tangible objects, such as property, to that of ethereal objects. These intangibles could be knowledge, emotions, or cognition. Privacy was first related to an individual's possessions.

There are numerous facets to privacy. Protecting personally identifiable information, sometimes referred to as "data privacy" or "information privacy," is one of these elements. The fundamental component of privacy is the right of an individual to legitimately assert that information about him will not be accessible to other people or organizations. In addition, he will have authority over the information that other people possess and how they use it. He anticipates having considerable control over how other people handle the data. People therefore believed that a specific framework was required to safeguard their interests. The nature of this protection needs to balance other competing interests with privacy. Due to interconnection, the threat to information security has multiplied as communication and information technologies become more and more integrated into daily life.

Technologically developed nations such as the United States of America, the United Kingdom, and the European Union began to experience the fallout from the invasion on their citizens' rights. The European Union was the first to attempt to pass the necessary legislation in response to these dangers. The European Union prioritized the right to privacy as a human right and protected it under the European Convention on Human Rights (ECHR), which member nations were required to uphold through their own legal frameworks.

It will be crucial to observe the global trend toward the adoption of privacy and data protection regulations. Slowly but surely, India is likewise adopting rules and legislation that are based on the same ideas as other nations. In order to protect privacy and safeguard data, the researcher has attempted to compare the 136 laws and enactments passed by other nations with those passed by India.

Concept Of Privacy:

It is difficult to conceptualize privacy and the right to private. It has been interpreted differently depending on the circumstances. According to Tom Gaiety, "the inviolability, integrity, and intimacy of one's personal identity, including marital privacy, are bound to be included in the right to privacy." Jude Cooley defined privacy law and said that privacy is 'the right to be let alone'. "Zero relationship between two or more persons in the sense that there is no interaction or communication between them, if they so choose," is another way that Edward Shils has defined privacy.

In a very elegant way, Warren and Brandeis have explained that once a civilization has distinguished between the "inner" and "outer" man, between the life of the soul and the life of the body, then man can remain and become himself in what is known as the private sphere. Privacy has become a recognized concept in modern culture, both legally and in everyday speech. However, because various legal systems place varying emphasis on different issues, it differs. A neutral relationship between individuals or groups, or between individuals and groups, is what privacy is. Differentiating among societies, privacy is a value, a cultural state, or a situation aimed at the individual on communal self-realization.

A person's right to freedom of speech and expression under the Indian Constitution suggests that they are allowed to voice their opinions on any topic. Individuals possess the freedom of life and personal liberty, which may only be taken away through legally prescribed procedures. These clauses arguably grant people the right to privacy, either individually or in groups. A person's right to privacy is further protected from arbitrary arrests, and they have the freedom to declare and practice any religion they choose.

A person cannot have their property taken from them illegally, unless the law specifically permits it. Property privacy is likewise protected. The broadest definition of personal liberty is found in article 21, which covers a range of rights that together make up that liberty, including autonomy, human dignity, self-evaluation, limited and protected communication, limiting exposure of man, and secrecy.

Certain rights, such as the freedom of speech and expression, the right to life and personal liberty, the right to travel around freely, and the rights of both individuals and society, have been elevated to the status of fundamental rights and are protected by article 19. As such, Article 21 upholds an individual's dignity and safeguards their right to privacy. The ability to regulate how one's personal information is used and shared is related to privacy.

Right To Privacy And Constitution Of India:

The Indian Constitution does not have a particular provision pertaining to the right to privacy. Not included in the list of Fundamental Rights is the right to privacy. However, courts have frequently addressed different facets of the right to privacy and supported this right in light of the fundamental right protected by Article 21-the right to life-as well as a number of other Constitutional articles when read in conjunction with the Directive Principles of State Policy.

The first tort identified by Prosser-intrusion into one's privacy-was maintained by the Hon'ble Supreme Court in Kharak Sing (1963), a case in which the Uttar Pradesh Police Regulations were contested. The petitioner was detained in Dacoity, but he was later freed because there was no proof against him. He was placed under police observation after the police created a file on him. Regulation 236 of Police Regulation UP defines surveillance as: covert house picketing, unannounced visits to suspects' residences, overnight domiciliary visits, etc.

The petitioner contested the legality of Regulation 236 in particular as well as Chapter XX of the UP Police Regulation. The majority of judges upheld the validity of the rule. Subba Rao and Shah JJ ruled in a minority judgment that, among other forms of surveillance, the domiciliary visitation kind of surveillance violated an individual's right to privacy under Article 21. The idea that the right to privacy may be inferred from other fundamental rights was therefore recognized for the first time.

The Supreme Court conducted a more thorough analysis of the right to privacy in Gobind (1975). It examined the constitutionality of a regulation that allowed for monitoring through a number of the means listed in the regulation in question. The regulation was upheld by the court. Regulation was found to be "procedure established by law," meaning that it does not violate Article 21. The Court recognized the basic right to privacy as originating from Art. 19(1)(a), (d), and 21 although with a restricted extent. Additionally, it was decided that under Art. 19(5), reasonable limitations in the public interest may be imposed on this right, which makes it non-absolute.

The Gobind ruling by the Supreme Court restored the right to privacy in Indian law. In Pooranmal (1974), the Court decided that as there is no particular fundamental right to privacy, the evidence gathered through unlawful searches cannot be dismissed on the grounds that it violates private. This ruling diminished a person's protection against unauthorized search and evidence seizure. Furthermore, the right to privacy was likewise disregarded. In V.S. Kuttan Pillai (1980) , the Supreme Court ruled that even in cases when counteravailing state interests prevented a search from producing results, a general warrant for the search and seizure of specified papers would not constitute an invasion of privacy.

The Supreme Court stated in R. Rajgopal (1994) 167 that the right to privacy has just been granted constitutional validity and is implicit in the citizens' right to life and liberty as protected by Art. 21. It's appropriate to be left alone. A person's "right to safeguard the privacy of his own, his family, marriage. procreation, motherhood, child bearing, and education among other matters." The court made an effort to balance the two essential rights-the right to privacy and the right to free speech and expression-which occasionally clash. The Court presented additional arguments and concluded that the residents of this nation are given the right to life and liberty, which includes the implicit right to privacy by Art. 21.

Tapping the phone, which involved disclosing information, is another way that privacy is violated through invasion and intrusion. The Supreme Court ruled in R. M. Malkani (1973) that the courts would shield innocent people's telephone conversations from improper or overbearing intervention, such as the tapping of the discussion by the police. Even though it had nothing to do with the right to privacy, it was nonetheless protected.

The Supreme Court gave greater thought to the constitutionality of telephone tapping in People's Union for Civil Liberties (PUCL) (1997). The right to privacy is a component of the rights to life and "personal liberty" guaranteed by Article 21 of the constitution, the Court declared in the current case. once the specific facts of a case establish a right to privacy. The right in question cannot be restricted "unless according to procedure established by law," as stated in Article 21.

The specific facts of each case will determine whether or not the right to privacy can be asserted or has been violated. The Court has further declared that "man's private life includes important phone conversations." The "right to privacy" undoubtedly refers to the freedom to speak on the phone without interruption at one's house or place of business. This indicates that unless it is approved by the legal process, telephone tapping would violate Art.21. It must be a "just, fair, and reasonable" process.

In India, tapping telephones is legal according to Telegraph Act, 1885, Section 5(2). According to the Court, this section is legitimate under the Constitution. The conditions and justifications for issuing a warrant for telephone tapping are outlined in this section. The Court ruled that tapping a phone can only be done for the purposes specified in Article 19(2) of the Indian Constitution, One area in which courts have recently protected the right to privacy is the disclosure of personal information. Courts frequently hear cases involving unauthorized disclosure that violate someone's right to privacy and render decisions.

Privacy And Data Protection:

Information about an individual should not be automatically made available to other individuals and organizations in order to protect privacy and data. Each individual needs to have significant control over how that data is used. Data protection is a legal defense against the improper use of personal information about a person on any media, including computers. It is the implementation of physical, technological, or administrative barriers to protect personal information. Privacy and data protection are closely related.

Information on an individual, such as his name, address, phone number, occupation, family, preferences, and so forth, is frequently accessible at a variety of locations, including banks, schools, colleges, directories, polls, and websites. Giving such information to interested parties may result in privacy invasions such as constant sales calls. The Information Technology (Amendment) Act, 2008 enumerates the primary concepts pertaining to privacy and data protection. These include defining data, as well as the civil and criminal penalties for violating confidentiality and privacy and for violating data protection.

Information Technology Act, 2000:

The sole Act that addresses the majority of data protection concerns to date is the Information Technology Act, which went into effect in 2000. However, it does not address all difficulties. The first piece of legislation that includes data protection requirements was actually the Information Technology (Amendment) Act, 2008, which was passed by the Indian Parliament. Section 2(1)(o) of the Act defines "Data" as a representation of knowledge, facts, concepts, or instructions that are being prepared or have already been prepared in a formalized manner and are meant to be processed in a computer system or computer network. They can be stored internally in the computer's memory or in any form, including computer printouts, magnetic or optical storage media, punched cards, punched tapes, or punched cards. The concept of "data" would be more pertinent in the context of cybercrime, as the IT Act makes no mention of personal data.

Additionally, the IT Act defines important words related to data protection, such as "access," "computer," "computer network," "computer resource," "computer system," "computer database," "data," "intermediary," "secure system," and "security procedure." The purpose of the aforementioned provision is to prevent someone who has gained access to such information from unfairly using it by sharing it with a third party without the relevant party's consent.

It might be argued that this restriction also extends to "data" and "communication," as "third party information" is defined as "any information dealt with by an intermediary in his capacity as an intermediary." According to Section 79, an intermediary is not responsible for any information, data, or communication link that a third party supplies or uses at his request, unless the circumstances specified in Subsections (2) and (3) of that section apply.

There is no definition of personal data in the IT Act. Moreover, the meaning of "data" would have greater significance in the context of cybercrime. A technical framework of security measures is what data protection entails, ensuring that data are handled in a way that keeps them safe against unanticipated, unintentional, unwanted, or malicious use.

Silent Features Of It Act, 2000:

• It provides for extra-territorial jurisdiction, so difficulties in deciding jurisdiction can be avoided.
• Facilitation of e-governance activities-recognition, authentication, and security of e-records is provided.
• Recognition and security of electronic contracts.
• Provisions of encryption and electronic signatures.
• Data protection and reasonable security practices.
• Intermediaries are responsible in certain situations.

Civil Liability And Data Protection:

In cases of computer database theft, computer trespassing, unauthorized digital copying, downloading and extracting of data, privacy breach, etc., civil liability is provided under the Information Technology (Amendment) Act of 2008. Additionally, section 43 stipulates penalties for a variety of cyber violations, including:

1. Related to unauthorised access to computer, computer system, computer network or resources;
2. Unauthorised digital copying, downloading and extraction of data, computer database or information, theft of data held or stored in any media;
3. Introduced any computer contaminant or computer virus into any computer system or computer network;
4. Unauthorised transmission of data or programme residing within a computer, computer system or computer network;
5. Computer data/database disruption, spamming etc.;
6. Denial of service attacks, data theft, fraud, forgery etc.;
7. Unauthorised access to computer data/computer databases;
8. Instances of data theft (passwords, login IDs) etc.;
9. Destroys, deletes or alters any information residing in a computer resource etc.;
10. Steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage.

Section 43 explanation (ii) defines a computer database indicates "a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalized manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network."

Section 43A provides for 'compensation for failure to protect data', it provides: "Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected".

The amount of compensation that can be granted is not restricted in any way. 'Sensitive personal information' is the foundation for Section 43A, which allows for civil action for security breaches. Other than that, sensitive personal data is not specifically protected by Indian law. If a company fails to protect a person's personal information, including sensitive information, while it was being processed by it, either through carelessness in putting in place or upholding appropriate security procedures, the aggrieved party may be entitled to compensation under Section 43A.

As a result, this clause offers a right of compensation against anybody other than the person in charge of the relevant computer facilities, so granting someone the protection against having their personal information revealed to, altered by, or taken advantage of by third parties. Both data controllers and the subjects of personal information may utilize this section to take legal action against third parties. Only the fact that they will be "affected" in various ways makes compensation justified. Additionally, it states that gaining illegal access to data carries legal consequences.

Criminal Liability And Data Protection:

The Information Technology (Amendment) Act, 2008 establishes criminal liability for offenses such as computer database theft and privacy violations. This Act introduces extensive amendments to Chapter XI, which includes sections 65-74, covering a broad spectrum of cybercrimes. These offenses include unauthorized tampering with computer source documents, performing fraudulent acts outlined in section 43, sending offensive messages via communication services, receiving stolen computer resources or devices, identity theft, cheating by impersonation using computer resources, invasion of privacy, cyber terrorism, transmitting obscene material electronically, sharing material containing sexually explicit acts, transmitting content depicting children in sexually explicit acts, and intermediaries violating section 43(1).

Additionally, it includes failing to comply with orders from the controller, intercepting, monitoring, or decrypting information using a computer resource, blocking public access to information via computer resources, intermediaries breaching section 69B(2) by refusing to assist authorized agencies in monitoring and collecting data for cybersecurity, accessing or attempting to access computer resources that affect Critical Information Infrastructure, providing false information to the Controller or Certifying Authority, breaches of confidentiality and privacy, disclosure of information in violation of a lawful contract, issuing electronic signature certificates with false details, and using electronic signature certificates for fraudulent or illegal purposes.

Other than the Information Technology Act, which may grant the government broad authority to monitor and gather traffic data as well as potentially other data, India has no particular data protection laws. The IT Act does not impose requirements on data quality with regard to personal information, nor does it require private sector firms to reveal specifics about their data handling procedures.

Right To Privacy Under Information Technology Act, 2000:

The case of Shreya Singhal (2015)64 has challenged the fundamental right under Art. 19 (1) (a) rather than the fundamental right under Art. 21. On Facebook, a social media platform, two women posted comments regarding Mumbai City's complete closure following the passing of a powerful political figure. Both of them were taken into custody by the police under S. 66A of the Information Technology Act of 2000 and S. 295A of the Indian Penal Code. Following that, they were freed and the accusations made against them were withdrawn. The Information Technology Act of 2000's Section 66A permits law enforcement to make an arrest and bring charges against a person without a warrant. People became alarmed after seeing the action.

Artificial Intelligence And Privacy:

Artificial Intelligence (AI) is another rapidly advancing technology. The 2021 Report of the United Nations High Commissioner for Human Rights notes that "the operation of AI systems can facilitate and deepen privacy intrusions and other interferences with rights in a variety of ways." Similarly, the report by Derechos Digitales and Privacy International states, "AI tools are widely used to gain insights into patterns of human behavior. These tools can make far-reaching inferences about individuals, including their mental and physical conditions, and can enable the identification of groups, such as those with particular political or personal leanings.

Many inferences and predictions significantly impact the enjoyment of the right to privacy, including individuals' autonomy and their right to define their identity. They also raise important questions about other rights, such as freedom of thought and opinion, freedom of expression, and the right to a fair trial." Although AI's interference with the right to privacy is significant, Indian courts and laws have yet to recognize it explicitly. While courts and legislative bodies have started examining the technological impact on privacy, specific protections against privacy violations by AI have yet to be clearly identified.

Conclusion
As a conclusion, the analysis of digital privacy under the Information Technology Act emphasizes the crucial necessity for strong legal frameworks to protect personal data in the digital age. While the IT Act and its modifications lay the groundwork for dealing with cybersecurity threats and ensuring data protection, they fall short of fully protecting individuals' privacy rights. The Act's provisions on data protection, consent, and responsibility are critical, but they must be enhanced to match the quickly changing technical landscape and the growing sophistication of cyber threats. The proposed Personal Data Protection Bill seeks to address these loopholes by establishing more explicit regulations for data collection, processing, and storage.

To successfully safeguard digital privacy, Indian legislation must evolve over time, embracing worldwide best practices and reacting to new difficulties brought by emerging technologies such as artificial intelligence, big data, and the Internet of Things. Strengthening the legislative framework would protect individual privacy while also increasing trust in digital services, encouraging India's secure and robust digital ecosystem.

Written By: Rajsee Khedkar
Under guidance of - Prof. Prajakta Pimpalshende