In Today's fast-paced life, technology has spearheaded the central function of human behavior and modus operandi in every sphere of work. There is nothing remained untouched with the technology, and hence computer and information and technology have replaced the traditional mode of doing things from manual intelligence to that of artificial intelligence.

So all this no doubt has given the ease of life to the human beings, but at the same time, also brought some challenges pertaining to safety issues and precaution of the personal data and information of the people, which is provided, assimilated, and collected while transacting online, through the use of the internet service. In India till date no special act has been enacted yet, to deal with all kinds of data safety and information security issues.

The Information Technology Act 2000 along with the Indian Penal Code, The Constitution of India is some of the statues laws, which to some extent, protects the privacy of an individual from being invaded by others and lays down punishment. But that is not sufficient to deal with all kinds of technology-based violations of privacy rights.

The need of the hour is to bring forward a special law to deal with the privacy-related issue, at par with the international standards and as like most of the other developed nations have already enacted. The 'Personal Data Protection Bill '(PDP) Bill 2019, which the Indian parliament has recently drafted and introduced in the parliament, is yet to become the law. taking the said bill, into consideration it can said that, if it's being enacted and enforced, then it will certainly provide great relief in terms of giving protection to all the internet users regarding their data safety and security of the information that the internet-based intermediaries do come through and retain the users.

Introduction:
In Today's Techno-savvy world, digitalization has replaced the practice of storing and submitting documents in physical form, rather all are now stored in a computer device by the use of electronic form. This practice has many advantages as it is easy to access, retrieved quickly, and hence is very speedier to communicate. Therefore the peoples are feeling very reluctant to use this electronic form of data storing and exchanging, as it helps them to carry out their business very smoothly and without any hassle.

E-commerce as well as the entire social media platform is the primary and advanced technology-based entities, where we use and communicate and share our personal data for buying and selling products or hiring any services or for socializing with our personal connections, using the internet. Hence as such, all the data that we share are vulnerable towards misuse and invading the 'privacy' of the individuals.

The Right to Privacy is a part of the human right, as it has been specifically declared as such, in the United Nations Declaration of Human Rights and many national and other international treaties. Most of the developed nations even added the right to privacy as a fundamental right of their citizens. Privacy is best understood as a cluster covering interest in:

1. Control over information about oneself.
2. Control of access of information both physical and mental.
3. control over one's ability to make an important decision about family and lifestyle in order to be self-expressive and do develop varied relationships.

The term Privacy literally has many definition or analysis or meaning. Although the more precise concept was propounded by Samuel Warren & Louis Brandeis (1890) in their writing Right to privacy. They defined it as 'a right to be let alone' and which is protected by law. The above concept was later on laid as the foundation to control information about oneself. The Calicut Committee (1990) recognized individual right to be protected from any intrusion considering the personal, family life either physical means or from any publication or sharing of information[1].

William Prosser in 1960, wrote four different 'rather definite' privacy rights as follows:

1. Right from interference by others, in one person's private affairs.
2. Prohibition to disclose embarrassing facts about an individual.
3. Sharing false information about someone in public.
4. Taking an advantage by appropriate information about another, and by illegal means.

There are three international treaties that are widely recognized as the basis for the protection of Privacy. Those are Article -12 of the Universal Declaration of Human Rights, 1948, Article -17 of the International Covenant on Civil and Political Rights (ICCPR). Article-8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms, (ECHR). The Organization for Economic Development & Cooperation (OECD),

Guidelines for the (Protection of privacy and Trans Border of Data) also has equal relevance as it protects the right to privacy among its members. The Preamble of the Australian Privacy Charter also provides tha:
People have the Right to Privacy of their own body, Private Space, Privacy of Communication, Information Privacy Rights Concerning Information about a Person and Freedom Surveillance[2].

Even Quran:
The holy book of Muslim followers also contains a 'verse'-(24:27) –'O Believers Enter not houses other than your own houses, until you have obtained the permission of the inmates of houses and have the greeted term with peace. This is better for you, it is expected that you will observe this[3].

Thus, due to the advancement of information and technology and heavy involvement in doing an online transaction and by the use of internet and mobile phones, it has made people's lives easy. Now they can buy, sale, play games, communicate and share information through emails, book tickets online and reserve hotel rooms and even make banking transaction including the opening of an account and operating the bank account through the internet banking facilities.

All this is possible, just by a click of a computer mouse or by the tap of a phone, but major drawbacks are this online transaction that we do, were very susceptible for miss utilization of information which is stored, processed, and remitted online and causing more harm to the individuals by invading their privacy.

Research Objective:
In this research paper, the researcher aim and objective is to analyze the privacy of an individual using the internet or online services and the laws protecting the privacy in the cyber world in India and, what are the issues faced by the peoples. This the research paper also focuses on studying, how a special law is needed in India to protect the privacy of the peoples who are using internet services for doing online transactions.

Research Methodology:
The research methodology as adopted by the researcher is specifically qualitative, descriptive, and analytical in nature. The various sources from which the researcher has collected information are mostly from documents and files, articles available online data maintained in various e-repositories, books, legislative enactments, Acts. All the above information and data has been properly and systematically analyzed and on the basis of which research hypothesis has been formulated and answered by the researcher by following the rules of research methodology. And due consideration and credit have been given to all the references obtained in coming to a final conclusion on the research topic.

Review Of Literature:
The researcher in order to formulate the research the hypothesis has reviewed the following literature and statues as stated below:

• Indian Penal Code
• Indian Evidence Act
• Information technology Act of 2000.
• Consumer Protection Act of 2019.
• Indian Contract Act
• The Personal Data Protection Bill, 2019.

Invasion Of Privacy In Cyber World:

Due to the excessive dependence on the computer, as a tool for information sharing and retention of data and the use of the internet as a medium for data transfer, various invaders who indulge in the act of stealing the information, as shared through online by the user, either by use of malicious spyware, or by various computer bugs, or the data as collected from the website which is stored in the cookies folder of the computer.

Also the information that the user shares in the social networking profile i.e. Linkedin, Twitter, Facebook, Instagram, etc. are very prone to be accessed by any intruder and are easily manipulated and misused causing privacy intrusion issues to the concerned social media user. Threats also like email attachment containing malware that discloses personal information of the recipient of the mail to the sender or any intruder. Children, who use the internet, are also easy prey of the intruders because all the information fed by a child can be easily tracked by cybercriminals.

Wikipedia says that there are around 400 million users of the social media websites and almost all of the users, use the application for the purpose of chatting, uploading, photographs, and feeding vital personal information in their databases. Cybercrimes which is committed by the use of the internet, whereby computer is used as a tool or target and is the most advanced form of privacy intrusion.

Now a day's companies are hiring third parties to collect information about the peoples who are using the internet and social sites, to pile up their data records, about such peoples and their vital information, so that they can use the same for advertisement purpose or for selling it to some other companies. The protection of privacy and data of the peoples using the internet is the major issue nowadays, many countries have passed many laws to protect the privacy of their people.

In the U.S, in order to protect the interest of the children and their privacy who use the internet, the Federal Trade Commission has enacted The children Internet Protection Act 2000.

Lack Of Special Law On Privacy In India

Since a long period of time, India do not have a special law dealing with cyber crimes and cyber privacy issues, jurisdiction issues, and intellectual property rights issues, and a number of other issues. Perhaps it was the only n the year 2000; The India Legislature enacted the Information Technology Act, 2000 to deal with cyber crimes and cybercriminals. IT Act lays down penalty and punishment provisions for violation of certain laws which amounts as an offense.

The act was later on amended again in the year 2008 and knows as the Information Technology Amendment Act 2008. The Act contains a number of provisions which protects the privacy of a person from online intrusion and exploitation. It provides both fine and punishment by imprisonment in case of hacking (Section 43, 66), three years imprisonment for violation of privacy(section 66E), identity theft(Section-66 C) and cheating by personation (Section 66 D), offensive email (Section 66A).

Section 72A of the IT Act penalizes the unauthorized disclosure of personal information by any person who has obtained such information under a lawful contract and without consent of the person from whom such information belonged or taken. Apart from this the IT Act also provides provision for data safety.

Section 43A of the Information Technology Amendment Act 2008, lays down that all corporate bodies and intermediaries who possess, handle or collect any sensitive personal data shall maintain reasonable security practices and in case of failure they shall be liable to the person who is aggrieved by such misuse of data.

1. The government has notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules only deals with protection of Sensitive personal data or information of a person, which includes such personal information which consists of information relating to:
   
   1. Passwords;
   2. Financial information such as bank account or credit card or debit card or other payment instrument details;
   3. Physical, physiological and mental health condition;
   4. Sexual orientation;
   5. Medical records and history;
   6. Biometric information.
      
      The rules provide reasonable security practices and procedures, which the body corporate or any person who on behalf of the body corporate collects, receive, possess, store, deals or handle information is required to follow while dealing with Personal sensitive data or information. In case of any breach, the body corporate or any other person acting on behalf of the body corporate, the body corporate may be held liable to pay damages to the person so affected.
       
2. Parliamentary Report on Cyber Security & Right to Privacy:
   The Parliamentary Standing Committee on Information Technology in its 52nd Report on Cyber Security and Right to Privacy said that a significant increase in cyberspace activities and access to internet use in India coupled with lack of user end discipline, inadequate protection of computer systems, and the possibility of anonymous use of ICT allowing users to impersonate and cover their trends of crime has emboldened more number of users experimenting with ICT abuse for criminal activities. The Committee is of the opinion that this aspect has a significant impact in blunting the deterrence effect created by the legal framework in the form of the Information Technology Act, 2000, and allied laws.

The Committee has listed several offenses which fall under the purview of cyber-crimes and the remedies available within the existing legal framework. Cyberstalking or stealthily following a person and tracking his internet chats is punishable under Sec 43 and 66 of the IT Act, 2000 while video voyeurism and violation of privacy is a crime under Section 66E of the IT Act with a punishment of three years with fine. The Department of 82 Electronics and Information Technology (DeiTY) during the course of evidence submitted to the Committee that with regard to the data pertaining to privacy related cases booked under Sec 72(A) of the IT Act the number of cases registered have risen from 15 in 2010 to 46 in 2012 while the number of persons arrested were 22 in 2012.

The Committee members were of the opinion that considering the nature of cyberspace which is borderless, balancing cybersecurity, cyber-crime and the right to privacy is an extremely complex task. The members were also unhappy of the fact the government is yet to institute a legal framework on privacy. It urged upon the Department of Electronics and Information Technology (DeiTY) in coordination with the Department of Personnel and Training and multi-disciplinary professionals/experts to come out with a comprehensive and people-friendly policy for the protection of the privacy of its citizens[4].

Personal Data Protection Bill 2019

The Government of India, therefore, constituted a committee to propose a draft statue on data protection. The committee proposed draft law and the govt. of India has issued the Personal Data protection Bill 2019 (PDP) Bill based on the draft proposed by the committee. This will be India first law on the protection of data and it will repeal section-43A of the IT Act.

The PDP Bill, proposes a broader reach. It will not only apply to persons in India but also to persons outside India in relation to business carried out in India. The PDP Bill, proposes to apply both on manual and electronic records. The PDP bill proposes creating a Data Protection Authority in India. The Authority will be responsible for protecting the interest of data principals, preventing misuse of personal data and ensuring compliance within the new law.

The PDP Bill proposes to protect Personal Data relating to the identity, characteristics trait, attribute of a natural person and Sensitive Personal Data such as financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, religious or political beliefs. Pursuant to the PDPB being enacted into an Act, there are several compliances to be followed by organizations processing personal data in order to ensure the protection of privacy of individuals relating to their Personal Data. Consent of the individual would be required for the processing of personal data.

Based on the type of personal data being processed, organizations will have to review and update data protection policies, codes to ensure these are consistent with the revised principles such as update their internal breach notification procedures, implement appropriate technical and organizational measures to prevent misuse of data, Data Protection Officer to be appointed by the Significant Data Fiduciary, and instituting grievance redressal mechanisms to address complaints by individuals.

In a Landmark Judgement delivered on August 23rd 2017, Justice K.S Puttaswamy (Retd.) Versus Union of India (Case NO- WP (C) 494/2012 ), the Hon'ble Supreme Court through its 9 Judge Bench held that the fundamental right to privacy is guaranteed under the Constitution of India.

The Court stated that every person should have the right to control the commercial use of his or her identity and that the right of an individual to exclusively use and commercially exploit their identity and personal information, to control the information that is available about them on the internet and to disseminate certain personal information for limited purposes only which emanate from this right. This is for the first time Supreme Court has expressly recognized the right of an individual over his personal data.

Conclusion:
Though the idea pertaining to the protection of data is very old but due to the immerging trend of technological dependence and use of personal data is manifold, hence this new trend needs a new law to deal within tracking and controlling the techno-savvy peoples and organizations by providing guidelines to prevent misuse of personal data.

Peoples using online medium for sharing data or transferring information while doing e-commerce transaction or any other communication purpose treasure their privacy and link it to personal freedom and so have a right to control data about them. It is further required that every e-organization privacy practices should be bench marked against national and international standards for privacy and fair information practices to meet the emerging challenges.

Although customer's easily share their personal data while doing online transactions or by interchanging communications but still it is the state's responsibility to look and protect the interest of its citizens. As because due to lack of specific statutory law dealing with the protection of data in India, the courts measurably fails to protect the information as shared to the companies by punishing them for violation of trust.

Hence, it is highly required and need of the hour, that the Protection of Personal Data Bill 2019 which is pending in the parliament for approval and ascent of the president be immediately passed and approved so as to protect the personal data of the citizens from being misused.

End-Notes:

1. (Olmstead Vs. United States (1928), available at http;//archieve.aclu.org/issues/privacy/hmprivacy.html
2. The Australian Privacy Charter (1994), available at; http;//www.anu.edu.au/people/Roger.Clarke/DV/Privacy Charter.html.
3. Surah-An-Nur(24:27-37) Al-Quran-al -Kareem at; https://quran.com/24/27-37?translations=20
4. Report on Cyber Security & Right to Privacy submitted by the Parliamentary Standing Committee on Information Technology Act presented on Feb 12th 2014, under the chairmanship of Rao Inderjit Singh to the fifteenth of the Lok Sabha.