The very notion of right to be let alone and to enjoy a personal space free from interference along with scrutiny can simply be known as privacy. Privacy is also defined as the right to selective revelation and one person’s loss of privacy is another’s gain in understanding. Privacy also forms part of personal liberty and is a precondition for an individual to exercise personal liberty and similarly privacy is also an essential feature for a dignified life. The integral core of an individual’s existence can be derived from the trio of liberty, dignity, and privacy.

Every person has the right to enjoy without any interference in his private life and liberty and get the protection of his personal data which is inextricably linked with privacy. The words public and private are to be understood in contradistinction. Therefore, in the present obtrusive information technology age, it is necessary that the right to be let alone and its protection is extremely important. The legal provisions governing data protection have to derive from various legislative enactments as there exists no comprehensive enactment.

Article 19 (1) (a) and Article 21 of The constitution can together carve out by the courts by their creative interpretation the Right to privacy. It has been established that this law evolved basically from torts and Constitution after close analysis of the development of privacy laws in India. Damages for violating one’s private space are found in common law as well as a reasonable restriction for the infringement of the same comes under Article 21.

No doubt the right to privacy has been acknowledged and accepted worldwide over as a necessary human right and it is trite modern law that privacy is an important component of human personality. By means of international and regional conventions, Human rights have been codified. Privacy has its prominent position in each of these regimes mentioned.

Today, the information superhighway is not the safest place for the matters of electronic transactions. The cyber-world and its related criminal activities have no territorial barriers and this makes everything complex because evidence becomes very hard to collect. Privacy in this e-market world would be a major area of concern in the upcoming years with a greater degree of damages. The interest that individuals have in sustaining a ‘personal space’ as Privacy is free from any type of interference by any other person or organization.[1]

Personal information could be in the form of personal interest, habit, and activities, family records, education records, communication means i.e. telephone and e-mail records, medical records, and financial records.

Why The Need For Information Privacy?

The need for privacy of personal information is so that the individual can lawfully claim that data concerning them should not be available to other individuals and organizations and at the same time these individuals and organizations should refrain from the control and use of it. The modern technological developments and convergence of computers and telecommunications technologies have created an environment in which there is inexpensive and ready access to an ever-growing pool of the personal information.

Businesses have a great stake in protecting this private information as individuals do and the online activities thrive only when there is trust in business while practicing and the electronic environment. Now let’s discuss the various types of privacy attacks.

Hacking
It is the unauthorized access to a computer and refers to access the whole are a part of a computer system without permission. Hackers attempt to hack into the remote computer systems for multiple purposes like data theft, fraud, cause damage to a computer system, etc. hacking has evolved over the period but still is understood as a complex mix of legal and illegal activities ranging from legitimate creative programming techniques t illicit manipulate worldwide phones or computer systems.

A hacker may mean a cyber burglar or an individual or group who believes in causing malicious harm to a network or computer or to steal any sort of information like password, credit card numbers, and names and address financial information, etc.

The trojan horse program is one of the most known offenses where data the data or programming is contained in a way to get control and do its chosen form of damage via a malicious or harmful code which may be done by ruining the file allocation table on a hard disc. [2]It is a type of snooping software, which may come as an e-mail borne virus. Such types of programs are even able to hide files and then when it goes online, upload the file to the hacker’s computer.

Distributive Denial of Service (DDS) is one of the most recent uses of Trojan attacks. In such type of attack, the client commands all of the ‘servers’ located on individual PCs to attack a single website. Clogging a website by thousands of individuals' PCs can be commanded and cause interruption of services. [3]

In the case of India, several cases have been registered or left unregistered related to hacking. Like in 2002, the website of the Assam Tourism Department was hacked by unknown hackers. Here the photography to tourism interest was replaced by pornographies by the hackers. [4]

Further, In 2003, the first person to be convicted for cybercrime was a 24-year-old engineer from Delhi who earned the dubious distinction in India. The case was registered following the complaint of Sony India Ltd. against the accused. It was alleged that the man, who was employed at the call center of Electronics Company, managed to chat with a woman in the USA and obtain her credit card details on the pretext of updating her bill.

Later, he used the same credit card number and bought a television and cordless phone through Sony-SAmbandh.com. The cost for both was $578. The holder of the credit card complained to the company that the transaction was unauthorized. After purchasing, the accused moved to a new address in Gurgaon. However, coon CBI traced the transaction to the call center through the IP Address. After the seven months trial, the accused was finally cracked. [5]

The Information Technology Act, 2000, deals with Hacking as:

1. Section 66 C:
   This the section deals with identity theft and provides that whoever, fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other person shall be punished with imprisonment for a term which may extend up to three years and shall also be liable to pay a fine of up to INR 1,00,000 (Rupees One Lakh)
    
2. Section 66 E:
   This the section provides that whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy[6] of that person shall be punished with imprisonment which may extend up to three years or with a fine not exceeding INR 200,000/- (Indian Rupees Two Lakh) or with both.

Spamming
This is another area of concern where cyber privacy is at stake and is becoming a major problem for all internet users. It is a type of weapon to help abusers, who repeatedly bombard an e-mail message to a particular address or addresses. It has been defined as an unsolicited commercial e-mail or unsolicited bulk e-mail.[7]

It has to be unsolicited and is considered of such type when there is no prior relationship between the parties, and the recipient has not explicitly consented to receive the communication. It is almost equivalent to unsolicited telephone marketing calls except that the users pay for part of the message since everyone shares the cost of maintaining the internet. [8]

Almost all spams are commercial advertising. It is a type of bulk mail obtained by companies that specialize in creating e-mail distribution lists from the sender’s point of view. The commercial websites collect information with automated searches to retrieve e-mail addresses. They get help via data mining and use cookies.

In Cyber Promotions, Inc. V. America Online,[9] the defendant, another online service provider in the USA, was receiving the same kind of annoyance from the plaintiff, and they did not care for the complaint. The Cyber Promotions were sent an e-mail bomb by the America Online that they can do the same to jam the entire Cyber promotions network.

Cyber Promotions has approached the court and contended that American Online has jammed its servers by sending e-mails. It was stated that they were only replying with the same coin and that the plaintiff is the one who had first initiated it and we are just replying with the same coin. The court in this matter had held that Cyber Promotions is guilty in the first place, and they should stop spamming.

Continuous spam could cause disruption, damage, or denial of service to a computer. Recourse can be taken under section 43 (d), (e), and (f) of the Information Technology Act, 2000 if in any case person is receiving a voluminous, regular supply of spam messages which states illegal to any sort of damage, disruption to any computer or data or program or sensitive personal data[10].

Section 43:
[Penalty and compensation] for damage to computer, computer system, etc.:

1. If any person without the permission of the owner or any other person who is in charge of a computer, computer system, or computer network
2. damages or causes to be damaged any computer, computer system or computer network, data, computer database or any other programs residing in such computer, computer system or computer network;
3. disrupts or causes disruption of any computer, computer system or computer network;
4. denies or causes the denial of access to any person authorized to access any computer, computer system, or computer network by any means;[11]

Web Bugs
These are also known as web beacon, which a file objects that are placed on a web page or in an e-mail message to monitor user behavior as a kind of spyware. Rather than the term web Bugs, the internet advertising community prefers the more clear term clear GIFS, invisible GIFs, Beacon GIF.

It is typically invisible to the user because it is transparent, matches the color of the background, and takes up only a tiny amount of space. It can usually be detected if the user looks at the source version of the page to find an IMG tag that loads from a different web server than the rest of the page. [12]

There can be a situation where the user can report back the time and date the user had opened it when an e-mail user opens his e-mail inbox and reads the message the web bug can call home. The sender by this means gets to know about this information. Although proponents of internet privacy object to the user of bugs in general, they can even be put for positive use like to track copyright violations on the World Wide Web.

If law enforcement needs to search a premise, they have to go through the legal process and require search warrants. But via web bugs, a computer can be subjected to search without following any legal procedure whatsoever. This is a gross violation of privacy especially at a time when a computer has become the storehouse of a person’s most valuable information and personal data or personal information.[13]

A penalty shall be imposed under section 43 (b) and (c) of the IT Act, 2000 if a web bug is planted in a computer without the permission of the owner of the computer and states:

Section 43:
Penalty and compensation] for damage to the computer, computer system, etc.

1. If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,
2. Downloads, copies, or extracts any data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
3. Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

Cyber Stalking
It is the term used for following a person when the person is surfing on the internet or browsing, where he goes, and what he does on the internet. This is done by an agency to profile a potential customer or by a potential criminal in search of information that can be used to commit crimes. Therefore, it has been considered as a privacy invasion and if it is done with the intention of committing a crime, the normal laws have to be taken care of such types of crimes and related activities. However, laws are yet to be developed for controlling these types of criminal activity i.e. breach of privacy.

The stalking also results in harassment which can be mental, physical, racial, religious, sexual, or any other as well. Thus, cyber harassment as a crime also brings another type of related area of violation of the privacy of users of the internet i.e. Netizens. Violation of the privacy of online transactions is a cybercrime of a serious nature, invading the precious and extremely intimate, touchy area of one’s privacy on the cyber network. Cyberstalking is now [14]these days are becoming more and more common as the use of computers, and the internet is increasing.

Phishing and Pharming
These are the names of false e-mails that deceive a user to reveal their personal information. Phishing is a way of capturing personal data by identifying theft, the act of sending an e-mail to the user falsely claiming to be an established legitimate internet address with a justifiable usually to verify personal information or private information.

This type of scam by e-mail is known as Phishing. The user may be asked to update the personal information which the legitimate the organization already has like password or credit card numbers via e-mail somehow directing the user to visit a website. Usually, there will be repercussions stated in the e-mail for not following the link, such as your account may be closed.

The website is bogus and set up only to steal the user’s information and the goal of the sender is to disclose the personal and banking information. The scams related to phishing occurs when cybercriminals try to get vital information and lure us into providing financial information or data such as book account number, charge account, or credit information. In scams related to Pharming scams, the software is planted in the computer system which re-directs the user from legitimate websites to scam look-alike websites.

Data Mining
With this rapid form of development in the area of information technology, today databases can range into the size of terabytes. But, at times it is difficult to arrive at a meaningful conclusion when the databases are so vast in size. There has been the latest solution to this problem is that of ‘data mining’.

There are two types of data mining i.e. descriptive and predictive. Descriptive models describe patterns in existing data and are generally used to create a meaningful sub-group such as a demographic cluster. On the other hand, predictive models can be used to forecast the explicit values which are based upon patterns determined from known results. For example, from a database on customers who have already responded to a particular offer, a model can be built that can predict which prospects are likeliest to respond to the same offer. [15]

Now a day, data mining is being used to increase revenues and to reduce costs through detecting and preventing waste and fraud. So, while innovative e-organizations are using data mining to locate and appeal to higher-value customers, and reconfigure their product offerings to increase their sales, individual privacy has been kept at stake, and harassment may continue in different forms done by themselves or via intermediaries.[16]

In the case of FTC v. Toysmart.Com, LLC, and Toysmart.Com, Inc, [17]:
Toysmart was one of the most famous toys’ portals on the internet. Through its website, it had collected detailed personal information about its visitors, including the name, address, shopping preferences, family profiles which include the name and birthdates of members. It had even posted a privacy policy that stated that information collected from the customers will never be shared with third parties by end of September 1999

Their policy states that: personal information, voluntarily submitted by visitors to our sites such as name address billing information and shopping preference is never shared with a third party.[18] But later when Toysmart had gone for official liquidation; all the assets of Toysmart went to the official receiver. He was in the process of selling all the assets of the Company when he had found out tremendous database. Soon FTC learned about possible violations of Toysmart’s privacy policy. FTC found out that the receiver was offering the database for sale. And once the data has been collected it could be put to use to which it was unrelated originally when it was collected.

Information and data privacy must be seen as an important aspect of personal particulars that should not be revealed to unauthorized persons. Thus, the privacy of any individual is certainly a concern for the legal framework in this information age.

In India, the legal framework of cyber regulation, the Information Technology Act, 2000 prohibits unauthorized disclosure of the contents of an electronic record. It is submitted that the issues like privacy rights, life, and personal liberty, the right to speech and the expression must be addressed and respected by the information communication technology regulations.

Indian Constitution And Privacy:

Finally in the judgment given in the Puttaswami's case gave relief after a decade of struggle in defining the hazy definition of the term ‘privacy’. This journey was not easy as the number of landmark cases had to go through critical scrutiny before the ‘right to privacy’ found its place as one of the fundamental rights. We were not done with praising the judicial pronouncement brought in the Puttaswami case that to our utter dismay, on 28th July 2018, Challenge was accepted by the so-called ethical hackers, who all in less than a day was shockingly and embarrassingly successful in taking out personal information of the TRAI chairman.[19]

In Maneka Gandhi v. Union of India[20] , Supreme Court interpreted Article 21 in a broad sense. Article 21 of the Constitution embodied that both the rights of personal security and personal liberty recognized are to be termed as ‘natural law’. The wide interpretation of Right to Life, which helped the Right to Privacy to fall into the scope of Right to Life had started in the case of Maneka Gandhi Case.

After the Puttaswami case, the perusal of the facts laid down reprising the fortune, it had brought in the judicial history by taking in arms ‘privacy’ as part of our Fundamental Right, it is not possible to deny the criticism it holds in not recognizing and declaring guidelines for data/ information privacy.

People s Union for Civil Liberties (PUCL) v Union of India[21] is related to phone tapping and it discussed whether telephone tapping is an infringement of the right to privacy under Article 21. Any type of telephonic conversation being part of modern man’s life may at times be of a confidential character. Supreme Court also said that whether the right to privacy can be claimed or has been infringed in a given case would depend on the facts of the said case.

In a society as people have become busybodies, greater consciousness in favor of the protection of the right of privacy has been yielded. Information technology has attained prominence in everyone’s daily life in contemporary society. With the generation of sensitive personal data in a bulky amount by the conscious or unconscious activities of people in everyday life, the lives of people have attracted more vulnerability. The concept of the Right to privacy has formed the face of many domestic laws for decades and even centuries.

The main argument with respect to regulation is that it may be a more effective form of commitment than a contractual arrangement. It is been argued that the problem for the concept of privacy "does not come from the slowness of the concept but the amplitude because he has the capacity of the protein to be everything to all lawyers. A legal concept will help us a little if it expands like gas to fill the available space.

It is been proposed that the concept of privacy is envisioned as part of the 'collective good' that is essential for the advancement of 'social good,' thus leaving it open for us to adopt a broader concept of privacy and to determine how broad it should be to protect. Ironically, this is conceptually very different from Western perceptions that are more 'individual'.

Contemporary and radical development in science and science technology has shown a serious impact on violations of confidentiality and privacy. Blend of existing technology referred to as the convergence of computers and telecommunications technology has created an environment where there is very easy access to storage and growing personal flow information.

With the advent of the Internet, now it has become very easy to extract, exploit, and arrange personal and confidential individual information as well as state parties too. What scattered, unimportant, small data has now become large sets of strong data that can be captured and misused by illegitimate people and anti-social elements. Remembering this phenomenal development has been enacted by many countries and adopting laws on control and regulation personal.

Existing standards and precedents by case-to-case development is the only solution to this problem. The analogy with the internet must be done taken from examples and cases that are handled by the court. At the same time, it can be assumed that it exists international standards and case precedents are developed the country will have a significant impact on India's law position and court decision in India.

In India, it may fairly be stated that the right to privacy is necessarily subservient to the national interests and national security at all times as per the detailed and critical study of legislative infrastructure about the right to Privacy.

The development of Internet law in the future leads to the fundamental difference between Application and enforceability.This is the relatively easy task of making laws that apply to certain activities carried out through Information Technology but much more difficult to make the law so that it can be enforced in practice.

Laws that cannot be enforced have some major defects that are, they not only fail to deal with the damage inflicted by law trying to improve but the knowledge that they cannot be implemented, weakening the normative power behind the law, thus, that law obeyed because of its normative power 'that is because of law. Law related to information technology has the the problem of inaction due to the trans-jurisdiction nature of the internet activities. Legal and regulatory systems are not just one that needs to be upheld jurisdiction, but all jurisdictions where the law applies to the entire range of activities.

Regarding privacy and Information Technology, privacy protection is very important regarding users to trust the electronic environment and that is the condition that is needed for the development of effective and comprehensive e-commerce, e-governance systems.

Suggestions:
Considering the impact, few suggestions are been advanced to strengthen the legal infrastructure related to Information technology and its impact:

1. The Indian Constitution does not guarantee the Right t0 Privacy as a fundamental right. The only credit goes to the Indian judiciary for recognizing the concept of privacy because neither the Constitution nor any other statute has defined the concept. Still, much more needs to be done for the recognition and protection of privacy by law in India
2. The Fundamental Right of Freedom of speech and expression has enshrined in the Constitution of India extending to the medium of Information Communication Technology as well and therefore, every citizen has the freedom to acquire or share the knowledge. Using information technology and related sources the subject is only to reasonable limits.
3. The right of an individual to protect his or her personal information is a basic civil right and is recognized as such around the world. So about the data and individual privacy, India should legislate for protecting the personal information of individuals and to secure that information collected for a specific purpose is used for that specific purpose only.
4. Earlier, before the entry into force of information technology Act, 2000, there was no legal infrastructure in the Indian legal context either explicitly acknowledged or denied generally the principle that information, records in electronic form should give legal effect.
5. The fact that there are many records and information they are maintained electronically or are easier to use in electronic form, therefore, the difference between manual records and electronic records must be reduced to realize digital format to promote e-transactions nowadays
6. Balance must be affected with scope legal provisions and variations by agreement in regular paper transaction format, that flexibility should be maintained on information technology transactions i.e. electronic transactions. This should be subjected to the reasonableness and fairness test
7. Control and regulatory authorities have an immense duty to develop and update the rules and practices that recognizes a new computer technology to carry out egomaniacs effectively and as well as the public interest.
8. The convergence of technologies in fashion is very vague in the field of information, broadcasting, and communication. Thus, a new legal framework urgently needed to regulate the current movements according to international standards.
9. It is in the current Indian scenario, efficiency, and effectiveness in implementing cyber regulations and controlling measures require structural changes in the framework as well as strengthening e-court infrastructure and their ability to achieve fast justice. Public use education cyberspace is highly needed for education awareness in the general public for cybercrime and related events.

In short, everyone should be aware and actively involved in prevention and solving together with the destructive side of information technology with an appropriate balance between regulations and self-regulation which are subjected to the different types of activities in cyberspace. To keep up with the pace of technological innovations laws should be rethought along with its impact of internet in mind to ensure the integrity of human values of privacy.

The way forward is to move from precarious and unwarranted data protection laws to the creation of effective policies designed to change the public's perception of privacy because it cannot be denied that those who own or process personal information must assume the task of confidentiality for its dissemination.

It can be concluded by saying that the law must be synchronized and developed with all possibilities to sustain the good moral and ethical values to overcome the challenges posed by the technological advancements. There must be evolution by the world community to protect the privacy and confidentiality in this database-driven age by making uniform law and universal codification of the internet.

End-Notes:

1. Roger Clarke, introduction to Information Privacy and Definitions of Terms. At http/www.anu.edu.au/Roger.Clarke.html (Visited on March 12, 2021
2. http//searchsecurity.techtarget.com
3. Deepti Chopra & Keith Merill : Cyber Cops, Cyber Criminals and internet , I.K. International Ltd, New Delhi
4. Raman Mittal and Neeloptal Deka, Cyber Privacy , P. 218-220, (Indian Law Institute, 2004)
5. Hindustan Times, Delhi , February 06,2003, India Gets its first cyber convict.
6. The term under circumstances violating privacy has been defined to mean circumstances in which a person can have a reasonable expectation that— (i) he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or (ii) any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place
7. www.cert.org/techotipse-mail_bombing-spamming.html (Visited on March 21, 2021)
8. http://searchmobilecomputing.techtarget.com (Visited on March 21, 2021)
9. 948 F. Supp. 436 (E.D. Pa. 1996
10. The term sensitive personal data or information of a person is defined to mean such personal information which consists of information relating to:
    
    1. password
    2. financial information such as Bank account or credit card or debit card or other payment instrument details;
    3. physical, physiological and mental health condition;
    4. sexual orientation;
    5. medical records and history;
    6. biometric information;
    7. any detail relating to the above clauses as provided to body corporate for providing service; and
    8. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these regulations.
11. https://indiankanoon.org/doc/39800/
12. http://searchwebservices.techtarget.com/Definition
13. The term "personal information" has been explained to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
14. Nandan Kamath; Law related to computers, internet and e-commerce- A Guide to Cyber Laws, Universal Law Publication, Delhi. P.- 338
15. http//:www.twocrows.com/about_dm.html
16. The term intermediary with respect to any particular electronic records, has been defined to mean any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes.
17. Filed in US Bankruptcy court for the District of Massachusetts, eastern Division, Chapter -11, Case No. 00-13995-CJK,2000
18. http//:www.ftc.gov/apa/2000/o7/toysmart.htm
19. Aadhar, available at https://www.indiatimes.com/technology/news/after-aadhaar-leak-hacker-deposits-rs-1-in-trai-chairman-saccount-to-improve-system-s-privacy-350316.html (Visited on March 25, 2020)
20. 1978 AIR 597, 1978 SCR (2) 621
21. AIR 1997 SC 568, JT 1997 (1) SC 288, 1996 (9) SCALE 318, (1997) 1 SCC 301, 1996 Supp 10 SCR 321, 1997 (1) UJ 187 SC
    
    Award Winning Article Is Written By: Adv.Sakshi Rewaria
    

    Authentication No: JU34294992680-6-0621