In the recent past, online frauds have caused nearly five times more loss than conventional crimes like murder, theft, burglary, etc., with the metro cities having registered most of them as per the available data. There have been instances of various forms of cybercrimes that specifically target and affect the Indian consumers, businesses, and government agencies. One of the significant factors is the increasing digitisation of India and its status as a global outsourcing hub which ultimately results in an ongoing target for cybercriminals. Further, Indian consumers and agencies have also fallen victim to prominent international cybercrimes.

All these contribute to privacy becoming a critical concern. With the rapid growth of technology, personal data gathering, analysis, and utilisation have reached new levels. As we overcome a period of data:driven innovation, it is critical to grasp the privacy implications and issues. The evolution of data is the lifeblood of the digital economy. According to the International Data Corporation estimate, the global data sphere is expected to exceed 175 zettabytes by 2025, a fivefold increase from 2018.

Every communication, transaction, and online activity generates massive amounts of data, contributing to an individual's digital footprint. Data collection and consumption are at an all:time high, from social media platforms and e:commerce portals to connected devices and smart cities. This data explosion creates an enormous opportunity for innovation, personalised experiences, and enhanced services but does, however, raise worries about privacy violations, data exploitation, and surveillance. This blog examines the challenges of a data:driven society. Further, it provides measures to protect privacy and pays particular attention to the legal domain related to the issue.

Key Challenges in the Data-Driven Society:

• Data Breaches and Cybersecurity Risks: According to IBM's "Cost of a Data Breach Report 2024," the average total cost of a data breach is $4.88 million globally, leading to a 10% increase over the last year and is also the highest total ever till now. In 2022, the Indian Computer Emergency Response Team recorded almost 13.91 lakh cybersecurity incidents.
• Surveillance and Profiling: The rise of surveillance technology, such as facial recognition devices, CCTVs, and data analytics, prompts worry about mass surveillance and potential privacy violations. The ability to gather and analyse enormous quantities of data enables the categorisation of individuals according to their behaviour, choices, and online activities, potentially leading to manipulation and invasion of privacy.
• Lack of Transparency and Informed Consent: The opaque functioning of many organisations regarding data collection, processing, and usage makes it difficult for users to understand their data handling. According to a Norwegian Consumer Council report, large internet corporations frequently deceive users into consenting to substantial data collection, violating the tenets of informed consent.
• Inadequate Regulatory Frameworks: Existing privacy laws frequently need to catch up with technological changes, exposing loopholes and discrepancies in adequately protecting personal rights.

Measures to Protect Information Privacy:

• Privacy-conscious practices: People should be proactive in protecting their confidentiality by using strong passwords, verifying privacy settings on a regular basis, and exercising caution when offering sensitive information online.
• Enhanced Data Security: In order to reduce the risk of information theft and cyberattacks, organisations must prioritise data security measures such as encryption, access limits, and frequent security audits.
• Ethical Data Practices: Businesses should employ open and ethical data practices, such as gaining express consent, conserving data, and incorporating privacy-by-design principles into product and service development.
• Robust Data Protection Laws: The government must implement and enforce stringent data privacy rules that are in step with technology changes and give individuals greater authority over their private information.

Current Legal Position and Subsequent Developments:

In India, privacy-related concerns are principally addressed by the "Information Technology (IT) Act of 2000." The key provisions are as below:

• Section 43A: It discusses compensation in circumstances of data protection failure. It requires companies that handle sensitive personal data to implement appropriate security practices and processes. Non-compliance that results in unjust harm or advantage to any person may give rise to compensational claims.
• Section 67: It criminalises the electronic publication or transmission of vulgar or sexually explicit content that violates an individual's privacy and provides punishment for the same.
• Section 69: This provision empowers the government with the authority to track, observe, or decrypt any information transmitted via computer resources for purposes pertaining to India's sovereignty, security, or integrity.
• Section 69A: Under this clause, the government may issue directives restricting public access to specific information or websites for the sake of the national interest or public order.
• Section 72: It deals with the breach of confidentiality and privacy. It penalises the infringement of privacy and security of any private data gathered within the course of delivering services under a legitimate contract.
• Section 72A: This clause punishes the wrongful release of personal information gathered throughout the process of providing services without the individual's consent.
• Section 79: This provision deals with the exemption from liability of intermediaries. It shields intermediaries (such as internet service providers and social media platforms) from accountability for any external data, content, or communication hosted on their platforms.

Some Important Judicial Rulings:

• The right to privacy was obtained from "Article 21 of the Constitution" by interpreting "Articles 12 and 17 of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights," respectively. The case of Kharak Singh (1962) prompted the expansion of the "right to privacy under Article 21."
• The increased use of contemporary technology, which results in surveillance and data breaches and infringes on an individual's privacy, would be a violation of both "Article 19(1)(d) and Article 21 of the Indian Constitution." The case of "Maneka Gandhi v. Union of India (1978)" established a triple test, declaring that every law affecting an individual's own liberty must meet three criteria: legality, necessity, and proportionality.
• The decision in "Justice KS Puttaswamy v. UOI (2017)," in which a bench consisting of nine judges of the apex Court delivered an overwhelming decision and other relevant matters, establishing that the Indian Constitution guarantees every person a fundamental right to privacy, which is an inherent part of "Articles 14, 19, and 21." This decision overturned a 1962 decision by six judges in "Kharak Singh v. State of Uttar Pradesh," which concluded that the right to privacy is not a fundamental right and is not protected by the Constitution. It was also stated that the fundamental right to privacy is subject to reasonable restrictions.

Highlights of the Draft Digital Personal Data Protection Act, 2023:

After receiving the approval from both the houses of the Parliament and the assent of the President, the Digital Personal Data Protection Act has been officially enforced by the government with the primary aim of achieving enhancement in data protection and accountability for entities like mobile applications, internet companies and businesses handling data of the citizens.

Key features of the Bill are as under:

1. Data Principal and Data Fiduciary: The former is a person whose information is being gathered. Parents and legal guardians of minors under the age of 18 shall be deemed Data Principals. The latter is an entity that determines the purpose and method of processing personal data for an individual. Significant data fiduciaries who deal with enormous amounts of personal data are also included. The central government will determine who falls into this group based on specified criteria, and such entities will be required to establish a "Data Protection Officer and an independent Data Auditor.
    
2. Rights of the individuals: These include accessibility to basic information in languages listed in the Constitution's eighth schedule, the ability to give consent before the processing of their data and understand the intent behind such collection by the data fiduciary, as well as the ability to withdraw consent, demand deletion and revision of data collected by the data fiduciary, and designate an individual for performing these rights upon the occurrence of death or incapacity.
    
3. Data Protection Board: The Bill also proposes establishing a Data Protection Board to ensure that the Bill is followed. Consumers can register a complaint with the Data Protection Board if they receive an unacceptable response from the Data Fiduciary.

Conclusion:
Protecting privacy becomes critical as we stand on the verge of a digital deluge. With the rapid expansion of data, the privacy challenges will get more severe. We can deal with the future of privacy and maintain the delicate equilibrium between innovation based on data and individual liberties by raising consciousness, adopting privacy-conscious practices, passing robust rules, and supporting ethical data practices.

The right to privacy has become increasingly important in today's world. With our lives being captured by the media, whether through social media platforms or surveillance cameras, we need privacy so that we may function in the way we would like to and not put others ahead of ourselves. Following all, the only people we owe a rationalisation to are ourselves, not the rest of the world. It is the need of the hour that we work together to create a future in which privacy is embraced and preserved in the face of the digital tsunami.

References:

• https://www.ibm.com/reports/data-breach
• https://www.business-standard.com/india-news/1-39-million-cyberattacks-handled-in-2022-phishing-attacks-rise-cert-in-123111500614_1.html
• https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023
• Constitution of India
• The Information Technology Act, 2000

Award Winning Article Is Written By: Mr.Priyesh Kumar

Authentication No: OT430277730836-28-1024